Protect WP-Config.php File

The wp-config.php file is the file that shows the blog database with username, password. If any hackers can read this file and get all the information, they can mess up the database if they want to. I found this on the website and hope it does work with our WordPress. Edit “.htaccess” of the blog root and resave – set the permission to 444.

permission 444     accessing wp-config.php

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /family/
RewriteRule ^index.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /family/index.php [L]
</IfModule>

# END WordPress
# protect the htaccess file
<files .htaccess>
order allow,deny
deny from all
</files>
# disable the server signature
ServerSignature Off
# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>

3 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *