How to secure your WordPress wp-config.php File

Michael Amon

Dec 22, 2008
The wp-config.php file is the most important file to protect on your site. It contains your username, password, and database name (among other things) for your WordPress install and by default, is accessible from any web browser.

Try it. Enter http://www.yourwebsite.com/wp-config.php and you should see a blank white page (if you see plain text, you've got a bigger problem).


Harmless, right? Sure, but imagine for a minute the shared server you're on somehow gets hacked and the PHP handler gets changed to txt; you're in trouble. It's not very likely, but you can make one of the following changes to prevent this, which adds another layer of protection and gives you peace of mind.


There are two main ways to easily protect the wp-config.php file from prying eyes and hackers. Both methods require you to have SFTP or server-level access. Also turn off any caching plugins you may be using before attempting these steps.

Option 1 – Move wp-config.php up one directory


This is the easiest way assuming you're comfortable moving files on your server. Essentially this works by taking wp-config.php and moving it outside of the public realm (typically one level above /public_html).

The cool part is WordPress automatically knows to look up one directory if it can't find wp-config.php in the default location.

Option 2 – Modify your .htaccess or .conf file

This option is a little more advanced and requires that you're running Apache or Nginx. You'll need to edit your .htaccess file (Apache) or nginx.conf (Nginx) using a text editor. Be careful not to alter any other code in this file otherwise your site may break.

For Apache, paste the following code into .htaccess at the top:

Code:
# Deny public access to wp-config.php
<Files wp-config.php>
    Order allow,deny
    Deny from all
</Files>

For Nginx, paste the following code into nginx.conf:

Code:
# Deny public access to wp-config.php
location ~* wp-config.php {
    deny all;
}

Save and sftp it back to the server (if needed). You'll need to restart Nginx but not Apache.

To test if it works, try visiting http://www.yourwebsite.com/wp-config.php in your web browser again. Instead of a blank white screen, you should see an "Access Forbidden 403" error message.
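
An offline audit of the two options above, as an added example that is not part of the original post: `audit_wp_config` reports whether wp-config.php still sits in the docroot without a `<Files>` deny rule, and mirrors the WordPress rule that the parent-directory fallback is skipped when that directory holds its own wp-settings.php. The function names, verdict strings and the docroot path passed in are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Names and verdicts are assumptions.

# Print a verdict for the WordPress docroot in $1; return 0 only if protected.
audit_wp_config() {
    docroot=${1%/}
    parent=$(dirname "$docroot")

    if [ -f "$docroot/wp-config.php" ]; then
        # Option 2: an uncommented deny rule inside <Files wp-config.php>,
        # in Apache 2.2 ("Deny from all") or 2.4 ("Require all denied") form.
        if [ -f "$docroot/.htaccess" ] && awk '
            /^[ \t]*#/ { next }
            tolower($0) ~ /<files[ \t]+"?wp-config\.php"?>/ { inblk = 1; next }
            tolower($0) ~ /<\/files>/ { inblk = 0 }
            inblk && tolower($0) ~ /deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied/ { found = 1 }
            END { exit !found }' "$docroot/.htaccess"
        then
            echo "denied-by-htaccess"; return 0
        fi
        echo "exposed-in-docroot"; return 1
    fi

    # Option 1: WordPress uses ../wp-config.php only when the parent directory
    # is not itself a WordPress install (it has no wp-settings.php).
    if [ -f "$parent/wp-config.php" ]; then
        if [ -f "$parent/wp-settings.php" ]; then
            echo "parent-is-another-install"; return 1
        fi
        echo "moved-above-docroot"; return 0
    fi
    echo "not-found"; return 1
}

# Live check for the test step: prints the HTTP status code (expect 403).
http_status() {
    curl -s -o /dev/null -w '%{http_code}' "$1"
}
```

A `denied-by-htaccess` verdict reflects only the file contents; Apache ignores the rule unless `AllowOverride` permits it, so confirm with `http_status` that the live URL returns 403.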
 
Thanks, chief... I see these days you've decided to be a trendy youngster (sharobaro).
Chief Young Master, I'm no sharobaro. Here abroad it's the cold season right now, so we're getting ready to wear heavy clothes and thick sweaters; that's not being a sharobaro. At 47, a father with a 25-year-old child, would I still be a sharobaro? Have I turned into Mzee Majuto? Everything has its time. This is your time; ours has already passed, chief. Or am I wrong?
 
You're not wrong, my chief... but with that avatar of yours I almost forgot who you were, I tell you.
 
Chief Young Master, do you like my avatar? I've wrapped myself up; whenever I want to leave the house I dress like that so the cold doesn't hit my ears or even my head. Chief, winter here is frightening. The cold here is very bad, harsher than the cold in Tanzania in Njombe, Iringa, Makambako, Arusha and Mbeya, or in Nairobi. There is no cold in East Africa like the cold of Europe in winter. I don't like Europe then and wish I could go back to Africa until the sun comes out. From May next year there is some relief with the warmth, but from this month of November, especially from the 20th, it is cold nonstop until the end of May next year; only then do we breathe again, chief. It really is hard work coping with the cold weather.
 
Wow!!! You really do have your work cut out for you, chief... but I like your avatar... it looks neat.
 