Do not reveal sensitive information or that may compromise a WordPress installation is as important as establishing all active and passive perimeter measures necessary to guarantee the security of the web.
Consequently, protect WordPress wp-config.php file is a way to reinforce the security of the CMS because the file wp-config.php contains very sensitive information about your WordPress installation, such as the WordPress security keys and the WordPress databases and connection details.
Hosting Mautic QuickStart -50% with support in Spanish
24 hours and free training
Send up to 1,000,000 emails/year. Mautic support in Spanish 24 hours, 365 days
Protect the file wp-config.php WordPress is a task that, although it may seem complex from the theoretical side, in practice it is something simple to do, allowing to secure minor but important information that avoids sieges to a WordPress installation to compromise it.
Protect wp-config.php file via .htaccess
It is the fastest, easiest to apply and most effective solution. To carry it out you can follow these steps:
- Access via FTP or from the File Manager from your Hosting panel to your website and download (FTP) or edit the hidden file .htaccess (If you do it by FTP, if you can, use SFTP better to encrypt the communication between the computer and the server).
- With a text editor like Notepad open the file .htaccessor from the Code Editor of File Manager of your Hosting Panel edit it.
- Paste the following code into your file .htaccess to deny access to the file wp-config.php(add it to the end of the file):
# protect wpconfig.php
Once you have made the changes (via FTP) to the .htaccess file you can upload it back to the root of your website to overwrite the old one. If you used the File Manager Code Editor from your hosting panel, just click “Save”.
Remove sensitive information from wp-config.php
Create a new config.php file
Creating a new WordPress configuration file and hosting it outside of the usage folder is a recommended measure that is not too complicated and further secures sensitive data.
Either via FTP or from the File Manager from the hostin panel we can create a new file called “config.php”. Ideally, this file should be created in an accessible directory no wwwfor example, if your blog or web content is on /home/your_username/public_html/you can create the file config.php in /home/your_user/ so that the file cannot be accessed by your visitors. Normally it is in a directory older than public_html or www (symbolic directory of /public_html).
open the file wp-config.php existing file and copy the lines containing the database connection details, the database prefix and also the WordPress security keys from the file wp-config.php to the new config.php file. Don’t forget to add at the beginning of the new config.php file and ?> at the end of the file.
Modify the wp-config.php file
After deleting all sensitive data from the file wp-config.phpnow you just have to add the following straight line after in the File include(‘/home/your_username/config.php’);. So the first two lines of your file wp-config.php they should look like this:
With this change, instead of having all sensitive information stored in the file wp-config.phpthe aforementioned file will be reading this information from a different place, where the information to be protected is located in the file config.php.
Note that the path /home/your_user/ varies from one web server to another so if you are not sure what the absolute path of your website is, check with the Support Department.
If you have problems implementing these suggestions or improving the security of your WordPress installation and you are a client of , access the Customer Forum and make your query!we will be happy to help you and will try to answer all the WordPress questions you may have!.
Help us improve our content by sharing your opinion
Member of the technical support team.
Coordinator of contents in the Blog and in Youtube.
Technical support in CyberProtector. Teacher at University
Facebook Comments
Disqus