wp-config.php file is most important file in WordPress. If you remove all other wordpress files, you can restore your wordpress with this single file. You must be aware of hacker’s techniques and follow basic security rules to protect wp-config.php file in WordPress.
wp-config.php file stores all important information of WordPress installation. From database details to Authentication Unique Keys and Salts – everything is stored here.
So, as a WordPress website owner, you must take extra step to secure this file. If someone gets access to this file, he gets access to your complete WordPress website – including your database. Beware of hackers.
In this article, we’ll learn different ways to protect wp-config.php file in WordPress.
Method 1 to protect wp-config.php file in WordPress
Adding this simple code to your .htaccess file will prevent unauthorized access to your wp-config.php file.
# Disable direct access to wp-config.php
deny from all
Method 2 to protect wp-config.php file in WordPress
Move your wp-config.php file to one folder above the default folder. For example, if you’re hosting WordPress in /public_html folder, just move your wp-config.pgp file to / folder i.e. root folder.
Now, make a new blacnk wp-config.php file with the following code
define('ABSPATH', dirname(__FILE__) . '/');
require_once(ABSPATH . '../path/to/wp-config.php');
and put it in your default WordPress location. Just change /path/to/wp-config.php in above code to your root folder path.
Method 3 to protect wp-config.php file in WordPress
You should also change the file permission of wp-config.php to protect it from hackers. The recommended setting for wp-config.php file in WordPress in 600.
Note: Changing file permission is available on Linux / Unix server and not on Windows server.
You can use your Control Panel File Manager or FTP client like FileZilla, CoreFTP etc. to change file permission.
File Manager in Control Panel
Here is a screen shot of FTP client CoreFTP.
Just right click on wp-config.php file and change permission to 600.