security WordPress

How To Secure WordPress configuration file

Web site running on WordPress has many benefits over other Content Management Systems, and the most important is wp-config.php file that contains very sensitive information about your WordPress installation , including your database detail, table prefix and Secret Keys.

So this file should be secure from hackers because they can find the valuable information stored in the wp-config.php file.If someone get access this file, he can get website database username and password, he could log in and undo everything that you’ve built! Therefore, take whatever steps you can to secure that file so that no one can access it.To do so, follow these steps:

secure WordPress

How to protect your WordPress wp-config.php file:

Protect it the .htaccess Way

Josiah Cole wrote a nice htaccess tutorial on modifying your .htaccess to protect the wp-config.

Here’s the code from  Digging Into WordPress:

# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all

After updating your  wp-config.php, Change file permission (chmod) on wp-config.php to 640.

Move the WP-Config file to a secret folder

If you move the wp-config file to an unpredictable location and change the code, it would create a problem every time you upgrade WordPress. So there is a better solution, create a separate PHP file in a non-WWW location and add the location of WP-Config file in it. On the following link you can find detail about How to create PHP file and add secure location it: Protect WordPress wp-config.

If you found this post helpful or have any questions, please leave your comment below.


5 out of 5 stars based on 287 rating(s).
  • Nur

    I am a WordPress, Website Developer and Designer, creator @ WP Arena, Provide Free WordPress consultation and can help to install WordPress in a secure way to small businesses and bloggers.