The Easiest WordPress Security Tip Ever!

Written by admin. Posted in WORDPRESS


Published on June 27, 2013 with No Comments

Sometimes you encounter a tip which is so simple you can’t believe you didn’t know about it before.

If you’re running WordPress, you’ll have defined a wp-config.php file which contains essential settings such as the MySQL database host, name, user and password. It normally sits in the location where WordPress was installed — in most cases this will be the web server root but it could be any sub-folder.

You certainly don’t want wp-config.php falling into the wrong hands. Under normal circumstances, a naughty cracker cannot view the file because the PHP interpreter would parse it and return an empty page. However:

  • The cracker will know exactly where the file is located and can target it more effectively.
  • If PHP fails, e.g. perhaps during an update, wp-config.php could be viewed directly in a browser by entering the URL.

Ready for the simple tip…

Move the wp-config.php file into the folder above your WordPress installation.

For example, you may have a folder structure such as /home/mysite/public_html/ where WordPress is installed. In that case, you would move wp-config.php into /home/mysite/.

This has several benefits:

  1. Assuming /home/mysite/public_html/ was the web server’s root folder, /home/mysite/ is inaccessible to anyone using a browser.
  2. A cracker has less chance of locating the correct file.
  3. It’s so simple, there’s little reason not to do it!
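
The move only helps when the parent folder really is outside the web root, and WordPress only checks one level up (it ignores a config there if that folder holds wp-settings.php). The shell sketch below is an added example, not code from the original article; `relocate_wp_config`, its return codes and the demo paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: move wp-config.php one level above a WordPress install,
# but only when that takes it out of the web server's document root.
# relocate_wp_config is a hypothetical helper; usage:
#   relocate_wp_config <wordpress-folder> <document-root>
# Returns: 0 moved, 1 bad input, 2 parent still web-accessible,
#          3 parent is itself a WordPress install, 4 target already exists.
relocate_wp_config() {
    wp_dir=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    docroot=$(cd "$2" 2>/dev/null && pwd -P) || return 1
    [ -f "$wp_dir/wp-config.php" ] || return 1
    parent=$(dirname "$wp_dir")

    # WordPress installed in a sub-folder of the document root: the parent
    # is still served to browsers, so moving the file there gains nothing.
    case "$parent/" in
        "$docroot"/*) return 2 ;;
    esac

    # WordPress skips a parent-folder config when that folder contains
    # wp-settings.php (it belongs to another WordPress install).
    [ -e "$parent/wp-settings.php" ] && return 3

    # Never overwrite a config that is already in the parent folder.
    [ -e "$parent/wp-config.php" ] && return 4

    mv "$wp_dir/wp-config.php" "$parent/wp-config.php"
}

# Constructed demo tree (not a real site): WordPress sits in the web root.
demo=$(mktemp -d)
mkdir -p "$demo/mysite/public_html"
echo '<?php // constructed placeholder' > "$demo/mysite/public_html/wp-config.php"
relocate_wp_config "$demo/mysite/public_html" "$demo/mysite/public_html" \
    && echo "wp-config.php is now in $demo/mysite/"
rm -rf "$demo"
```

A return code of 2 means WordPress lives in a sub-folder of the web root, so one level up is still reachable from a browser.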

Perhaps this won’t be the most exciting tech article you read today, but it’s useful to know. I hope it helps with your security efforts.


