Web site running on WordPress has many benefits over other Content Management Systems, and the most important is a wp-config.php file that contains very sensitive information about your WordPress installation, including your database detail, table prefix, and Secret Keys.
So this file should be secure from hackers because they can find the valuable information stored in the wp-config.php file.If someone gets access this file, he can get website database username and password, he could log in and undo everything that you’ve built! Therefore, take whatever steps you can to secure that file so that no one can access it.To do so, follow these steps:
How to protect your WordPress wp-config.php file:
Protect it the .htaccess Way
Josiah Cole wrote a nice htaccess tutorial on modifying your .htaccess to protect the wp-config.
Here’s the code from Digging Into WordPress:
# protect wpconfig.php <files wp-config.php> order allow,deny deny from all </files>
After updating your wp-config.php, Change file permission (chmod) on wp-config.php to 640.
Move the WP-Config file to a secret folder
If you move the wp-config file to an unpredictable location and change the code, it would create a problem every time you upgrade WordPress. So there is a better solution, create a separate PHP file in a non-WWW location and add the location of WP-Config file in it. On the following link you can find detail about How to create a PHP file and add secure location it: Protect WordPress wp-config.
If you found this post helpful or have any questions, please leave your comment below.