How to protect your WordPress config file
September 25, 2010

Did you know that the standard WordPress installation is vulnerable to attacks from hackers? The wp-config.php file contains very sensitive information about your WordPress installation, including your database access, table prefix and Secret Keys. You can find it in the root folder of your WordPress installation directory. Once you have installed WordPress, here are a few steps you must take to protect your website from being hacked.
You will not find this file in a downloaded copy of WordPress. WordPress automatically creates the file on the server when you use the “Five minute install” wizard.
Download your .htaccess file from the server. It is located in the same folder as your wp-config.php or index.php file. Using a text editor, like Notepad, open your .htaccess file. Copy and paste the following code into your .htaccess file to deny access to your wp-config.php file.
# protect wp-config.php
<Files wp-config.php>
Order allow,deny
Deny from all
</Files>
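
One way to confirm that an edited .htaccess file really carries this rule before uploading it, as an added example that is not part of the original post. The function names and the sample input are assumptions made for illustration; the check goes beyond the rule shown above by also accepting Apache 2.4's `Require all denied`, and it only understands a literal `<Files wp-config.php>` block.

```python
import re

# Opening and closing tags of a <Files> block (Apache directives are case-insensitive).
FILES_OPEN = re.compile(r'^<files\s+"?([^">]+?)"?\s*>$', re.IGNORECASE)
FILES_CLOSE = re.compile(r'^</files\s*>$', re.IGNORECASE)

# Constructed sample input: the rule from this page as it would sit in .htaccess.
PAGE_RULE = "# protect wp-config.php\n<Files wp-config.php>\nOrder allow,deny\nDeny from all\n</Files>\n"


def files_blocks(htaccess_text):
    """Yield (filename, [normalised directive lines]) for each <Files> block."""
    name, body = None, []
    for raw in htaccess_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out rules have no effect
        opened = FILES_OPEN.match(line)
        if opened:
            name, body = opened.group(1), []
        elif FILES_CLOSE.match(line) and name is not None:
            yield name, body
            name = None
        elif name is not None:
            body.append(" ".join(line.lower().split()))


def block_denies_all(directives):
    """True if the directives inside one block refuse every client."""
    if "require all denied" in directives:   # Apache 2.4 syntax
        return True
    if "deny from all" not in directives:    # Apache 2.2 syntax, as on this page
        return False
    has_allow = any(d.startswith("allow from") for d in directives)
    # With "order allow,deny" a Deny overrides any Allow; with
    # "order deny,allow" (the default) an Allow line reopens access.
    return not has_allow or "order allow,deny" in directives


def wp_config_protected(htaccess_text):
    """True if some <Files wp-config.php> block denies all access."""
    return any(
        name == "wp-config.php" and block_denies_all(body)
        for name, body in files_blocks(htaccess_text)
    )


if __name__ == "__main__":
    print(wp_config_protected(PAGE_RULE))
```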

