Protect WP-Config.php File

The wp-config.php file is the file that shows the blog database with username, password. If any hackers can read this file and get all the information, they can mess up the database if they want to. I found this on the website and hope it does work with our WordPress. Edit “.htaccess” of the blog root and resave – set the permission to 444.

permission 444     accessing wp-config.php

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /family/
RewriteRule ^index.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /family/index.php [L]
</IfModule>

# END WordPress
# protect the htaccess file
<files .htaccess>
order allow,deny
deny from all
</files>
# disable the server signature
ServerSignature Off
# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>

This entry was posted in WordPress 3.2.1 and tagged . Bookmark the permalink.

3 Responses to Protect WP-Config.php File

  1. This is a great tip especially to those fresh to the blogosphere.
    Short but very precise info… Appreciate your sharing this one.
    A must read post!

Leave a Reply

Your email address will not be published. Required fields are marked *

Random Popular Posts