Like other content management systems on the web, WordPress keeps updating its files to make it more secure. The wp-config.php file is one of the most important files in the WordPress file system, so it is essential that it be protected against vulnerabilities. The WordPress team works hard to improve security on their end, but you should keep up to date with the latest version of WordPress, hide your WordPress version from crackers, and take additional steps to make your site more secure.
I already mentioned the steps for securing your wp-config file in my previous post, but today I will try to give you some more suggestions. As mentioned, place the following code in an .htaccess file; both files must be in the same directory that contains your
<Files wp-config.php>
Order Allow,Deny
Deny from all
</Files>
Generate & Store Strong Passwords
The wp-config.php file contains your database credentials, so make them as secure as you can. Keep the following tips in mind for a secure and strong password:
1. Must be at least 15 characters
2. Must be a combination of upper and lower case letters, and must include numbers and symbols if your hosting company allows that for the MySQL database
3. Must be unique and must not include names or dictionary passwords
4. You can use Strong Password Generator to generate secure, random passwords. It's free. But I recommend creating your own password.
5. Must not be the same as your FTP, cPanel, wp-admin, database or email password, or similar to the password of any other social media account such as Facebook or Twitter.
6. Try to change your password frequently.
7. For security purposes, never save or write your password on a piece of paper; keep it as secure as you can. There are tools and applications, such as Roboform, where you can manage all your login details.
WordPress Security Keys and Salts
It is very important to add unique keys and salts for security reasons. There is an online secret-key service for automatic key generation. Visit this link, refresh the page, copy the keys and paste them into your wp-config.php file. For more security tips for your WordPress-powered website, you can read Digging Into WordPress.
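The following check is an added example, not part of the original post: it applies the password rules and the key/salt advice above to the text of a wp-config.php file. The function names and the sample configuration are constructed for illustration.

```python
import re

# The eight key/salt constants of a standard wp-config.php.
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
# define('NAME', 'value') with single or double quotes, escapes allowed.
DEFINE_RE = re.compile(
    r"""define\(\s*(['"])(\w+)\1\s*,\s*(['"])((?:\\.|(?!\3).)*)\3\s*\)""", re.S)

def parse_defines(php_text):
    """Return {constant: value} for every quoted define() in the text."""
    return {m.group(2): m.group(4) for m in DEFINE_RE.finditer(php_text)}

def audit(php_text):
    """Return sorted findings; an empty list means every check passed."""
    defs = parse_defines(php_text)
    findings = []
    pw = defs.get("DB_PASSWORD", "")
    if len(pw) < 15:  # rule 1 of the list above
        findings.append("DB_PASSWORD: shorter than 15 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):  # rule 2
        findings.append("DB_PASSWORD: needs upper, lower, digit and symbol")
    seen = {}  # value -> first constant that used it
    for name in KEY_NAMES:
        value = defs.get(name)
        if value is None:
            findings.append(f"{name}: not defined")
        elif value == PLACEHOLDER:
            findings.append(f"{name}: still the sample placeholder")
        elif value in seen:
            findings.append(f"{name}: same value as {seen[value]}")
        else:
            seen[value] = name
    return sorted(findings)

# Constructed sample input, not a real configuration.
SAMPLE = """<?php
define('DB_PASSWORD', 'wordpress123');
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'constructed-value-A');
define('LOGGED_IN_KEY', 'constructed-value-A');
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The parser also matches a define() that sits inside a PHP comment, so confirm each finding against the file itself.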