Is your wp-config.php file secure? You can deny access to this file by following simple steps.
Steps to Deny Access to Your wp-config.php File Under WordPress Installation
- You will find your wp-config.php in the main directory of your WordPress installation and it is used to access the database.
- In this file comprises of your user id, password and database name in unencrypted format.
- Though it might be a .php file and no one should be able to see its content from the browser, you shouldn’t keep it in the main folder without doing anything about it.
- .htaccess in WordPress is commonly used to setup custom permalink for better SEO optimization. But you can utilize .htaccess to minimize vulnerability of your site.
- It is good to update your .htaccess to deny access to it. Here, files directive can be used to deny access to certain files. This directive can be used for any file on your website.
- Simply add the below code to your .htaccess present under the www directory:
# to protect wp-config.php
deny from all
Here “deny all” will deny the access to wp-config.php for all.