3 Easy Ways To Secure WP-Config File

If you are working with WordPress than wp-config.php is one of the important file. It has a lot of information which is the prime reason you want to secure wp-config file.

Hackers will look for this file for many reasons, it has a lot of important information about your database and your WordPress installation. Though it’s a PHP file which can’t be viewed directly from the remote but they have their ways to reach their.

Image: jscreationzs

Here are the 3 easy way to make sure your file is secure.

1) This is the simplest way. If you have WordPress install on the root of your public_html, than just move wp-config file to one level up. So if file path was

/home/username/public_html/wp-config.php

It will become as

/home/username/wp-config.php

No other changes required as WordPress knows that is has to search one level up in-case file is not at its usual place.

Benefit is that nobody other than you, has the write access there, so your file is secure.

2) If your WordPress installation is not on the root folder, you have it installed on subdomains or subfolder than above tip won’t work.

Bu you can still secure wp-config with the help of file permissions.You can change the file permission to 600 to prohibit anybody reading it. (this is the recommended permission from WordPress also.)

3) You can restrict the access through .htaccess file. Add below lines to your .htaccess file in the same folder as wp-config file.

# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>

Once you have these lines in your .htaccess file, it will restrict anybody from accessing that file and anybody who tries to get access to the file will get an 403 forbidden error.

Note: If you don’t have .htaccess file in the same folder you can create a new one in notepad, just enter above lines and save it as .htaccess.

So these are the 3 easy steps which can safeguard your blog and secure wp-config file.

Let us know if you like these tips.