
[Lesson 2] Learn How To Protect Your wp-config File In 5 Minutes

How to Protect wp-config File in Your WordPress

wp-config.php is the one file that can literally make or break your website. This special file contains the WordPress configuration details and is one of the most vital files on your website.

It holds confidential information about your WordPress database, among other information required to access the database. This makes securing it crucial.


Here are some ways to secure the wp-config.php file:


1. Protection through .htaccess file

Step 1 – Connect to your WordPress website using an FTP client.

Step 2 – Navigate to the public_html directory and download the .htaccess file.

Step 3 – Edit the file and add the following lines at the end of it:

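# protect wp-config.php
# (Apache 2.2 syntax; on Apache 2.4 without mod_access_compat, use "Require all denied")
<files wp-config.php>
  order allow,deny
  deny from all
</files>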


Once you’re done editing, save the file and upload it back to the server.

These lines make the server deny every HTTP request for wp-config.php, which helps resist access to the file and modifications to its code.


2. Protect by Moving wp-config.php

Usually, the wp-config.php file is located in the root directory. Changing its default location can reduce the risk of it getting hacked.

You can do this by following a few steps:

Step 1 – Connect to your website using an FTP client.

Step 2 – Select the wp-config.php file, cut its content, and place it in a file outside public_html, as shown in the video.

Step 3 – A few steps here are a little tricky, so you need to follow the video closely.

3. Setting up the correct file permissions for wp-config.php

wp-config.php is one of the most sensitive files in the entire directory, since it contains the base configuration and the database connection information. The appropriate permission for this file is 400. This means that the user (the file's owner) can only read it, and others cannot access the file at all.
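
To confirm that methods 1 and 3 are actually in place, the following shell audit is an added example, not part of the original lesson. The function names and the sample document root are constructed for illustration; it accepts either the deny rule shown above or the Apache 2.4 form.

```shell
# Constructed helper names; audits the two settings covered in this lesson.

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if .htaccess has a <Files wp-config.php> block containing a deny rule.
htaccess_protects() {
    [ -f "$1" ] || return 1
    awk '
        { line = tolower($0) }
        line ~ /^[ \t]*<files[ \t]+"?wp-config\.php"?[ \t]*>/ { inblk = 1; next }
        line ~ /^[ \t]*<\/files>/ { inblk = 0 }
        inblk && line ~ /^[ \t]*(deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied)/ { ok = 1 }
        END { exit !ok }
    ' "$1"
}

# Print one line per finding; return 0 only when no check fails.
audit_wp_config() {
    root=$1; findings=0
    if [ ! -f "$root/wp-config.php" ]; then
        echo "INFO: no wp-config.php in $root (moved elsewhere?)"
    else
        mode=$(file_mode "$root/wp-config.php")
        if [ "$mode" != "400" ]; then
            echo "FAIL: wp-config.php mode is $mode, expected 400"
            findings=$((findings + 1))
        fi
    fi
    if ! htaccess_protects "$root/.htaccess"; then
        echo "FAIL: .htaccess has no deny rule for wp-config.php"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample docroot: default permissions, no .htaccess rule yet.
demo=$(mktemp -d)
printf '<?php // constructed sample\n' > "$demo/wp-config.php"
chmod 644 "$demo/wp-config.php"
audit_wp_config "$demo" || echo "=> needs hardening"
# Apply both fixes from this lesson, then re-run the audit.
chmod 400 "$demo/wp-config.php"
printf '<files wp-config.php>\n  order allow,deny\n  deny from all\n</files>\n' > "$demo/.htaccess"
audit_wp_config "$demo" && echo "=> OK"
rm -rf "$demo"
```

Run `audit_wp_config /path/to/public_html` against your own document root after uploading the edited .htaccess.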
