[Lesson 2] Learn How To Protect Your wp-config File In 5 Minutes
How to Protect wp-config File in Your WordPress
wp-config.php is that one file which can literally make or break your website. This special file contains the WordPress configuration details and is one of the most vital files on your website.
It holds confidential details of your WordPress database, among other information required to access the database. This makes it crucial to secure it.
Here are some ways to secure the wp-config.php file:
1. Protection through .htaccess file
Step 1 – Connect to your WordPress website using an FTP client.
Step 2 – Navigate to the public_html directory and download the .htaccess file.
Step 3 – Edit and include the following lines of code at the end of the .htaccess file:
<Files wp-config.php>
order allow,deny
deny from all
</Files>
Once you’re done editing, save the file and upload it back to the server.
These lines make the web server refuse direct requests for your wp-config.php.
2. Protect by Moving wp-config.php
Usually, the wp-config.php file is located in the root directory. Changing its default location can reduce the risk of it getting hacked.
You can do this by following a few steps:
- Step 1 – Connect to your website using an FTP client.
- Step 2 – Use the Move tool in File Manager.
- Step 3 – Select the wp-config.php file and move it to the directory of your choice.
3. Protect by Modifying wp-config.php File
This file must be created in a directory that is not web-accessible, so that it is protected from external access and attackers. Additionally, it must not be present in the public_html directory.
You can do this by creating a new configuration file, or you can do this by following these steps:
Step 1 – Open the current wp-config.php file.
Step 2 – Move the lines which contain the database connection details, the database prefix and the WordPress security keys.
Step 3 – Append these at the end of the file.
Step 4 – After moving all the sensitive data from the wp-config.php file, add the following line just after the opening <?php tag in the wp-config.php file:
This makes sure there is no sensitive information left in your main wp-config.php file.
4. Setting up the correct file permissions for wp-config.php
The wp-config.php file is one of the most sensitive files in the entire directory, since it contains the base configuration and the database connection information. The appropriate file permission for this file is 400. This means that only the file's owner can read it, nobody can write to it, and the group and others cannot access the file at all.
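As an added example (not code from this lesson), the shell function below carries out the split described in section 3 and then applies the 400 permission from section 4. The secrets file name, the directory layout, the require_once line and the list of constants treated as sensitive are assumptions, and only one-line settings are handled.

```bash
#!/usr/bin/env bash
# Added example. File names and paths are assumptions, not taken from the lesson.

# One-line settings treated as sensitive: DB_* constants, keys/salts, $table_prefix.
SENSITIVE='^[[:space:]]*(define\([[:space:]]*.(DB_|AUTH_|SECURE_AUTH_|LOGGED_IN_|NONCE_)|\$table_prefix)'

# split_wp_config <path/to/wp-config.php> <secrets file outside the web root>
split_wp_config() {
    local cfg="$1" secrets="$2" tmp
    [ -f "$cfg" ] || { echo "not found: $cfg" >&2; return 1; }
    # Refuse to run when there is nothing to move (for example, already split).
    grep -qE "$SENSITIVE" "$cfg" || { echo "no sensitive lines in $cfg" >&2; return 1; }
    # Never overwrite an existing secrets file.
    [ ! -e "$secrets" ] || { echo "refusing to overwrite $secrets" >&2; return 1; }
    # Create the secrets file unreadable to group/others from the first byte.
    (
        umask 077
        { echo '<?php'; grep -E "$SENSITIVE" "$cfg"; } > "$secrets"
    ) || return 1
    tmp=$(mktemp "$cfg.XXXXXX") || return 1
    # Keep every other line; add the require right after the opening <?php tag.
    grep -vE "$SENSITIVE" "$cfg" |
        awk -v inc="require_once '$secrets';" \
            '{ print } !done && index($0, "<?php") == 1 { print inc; done = 1 }' > "$tmp"
    # No <?php line means no require was written: abort and keep the original file.
    grep -qF "require_once '$secrets';" "$tmp" || { rm -f "$tmp" "$secrets"; return 1; }
    mv "$tmp" "$cfg" && chmod 400 "$cfg" "$secrets"
}

# Constructed sample wp-config.php (dummy values) for trying the function out.
make_sample_config() {
    cat > "$1" <<'EOF'
<?php
define( 'DB_NAME', 'example_db' );
define( 'DB_USER', 'example_user' );
define( 'DB_PASSWORD', 'example-password' );
define( 'DB_HOST', 'localhost' );
define( 'AUTH_KEY', 'constructed-sample-key' );
define( 'NONCE_SALT', 'constructed-sample-salt' );
$table_prefix = 'wp_';
define( 'WP_DEBUG', false );
require_once ABSPATH . 'wp-settings.php';
EOF
}
```

Run it on a copy first, for example against a file produced by make_sample_config, and keep a backup of the original wp-config.php before using it on a live site.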