The wp-config.php file is a standard of WordPress installation.
Now question is that how we protect it.
You certainly don't want this file falling into the wrong hands.
Now question is that how we protect it.
You certainly don't want this file falling into the wrong hands.
How to protect your WordPress wp-config.php file:
I will be tell you two basic methods which will protect your wp-config.php file
First I will be tell you how to protect it through .htaccesss file.
1. Download your .htaccess file from the server. This is located in the same section as your wp-config.php or index.php file. (If you don't have an .htaccess file, then you will need to create one.)
2. Using a text editor, like Notepad, open your .htaccess file.
3. Copy and paste the following code into your .htaccess file to deny access to your wp-config.php file.
1. Download your .htaccess file from the server. This is located in the same section as your wp-config.php or index.php file. (If you don't have an .htaccess file, then you will need to create one.)
2. Using a text editor, like Notepad, open your .htaccess file.
3. Copy and paste the following code into your .htaccess file to deny access to your wp-config.php file.
# protect wpconfig.php
order allow,deny
deny from all
deny from all
The second method which I am telling you guys is by protecting the wp-config by moving the file to unpredictable location.
Ok example that web include path for your server was /home/Name/public_html/
You can actually save a file in the /homeName/ area and it won’t be web accessible. Meaning that even if somebody were able to read your wp-config, they wouldn’t get anything valuable.
Ok example that web include path for your server was /home/Name/public_html/
You can actually save a file in the /homeName/ area and it won’t be web accessible. Meaning that even if somebody were able to read your wp-config, they wouldn’t get anything valuable.
First step
Create a “config.php”
Within this config.php file I included the following:
Create a “config.php”
Within this config.php file I included the following:
<?php
define('DB_NAME', 'your_db_name'); // The name of the database
define('DB_USER', 'your_db_username'); // Your MySQL username
define('DB_PASSWORD', 'your_db_pass'); // DB Password
define('DB_HOST', 'localhost'); // Localhost
$table_prefix = 'yourdbprefix_'; // Only numbers, letters, and underscores please!
?>
define('DB_NAME', 'your_db_name'); // The name of the database
define('DB_USER', 'your_db_username'); // Your MySQL username
define('DB_PASSWORD', 'your_db_pass'); // DB Password
define('DB_HOST', 'localhost'); // Localhost
$table_prefix = 'yourdbprefix_'; // Only numbers, letters, and underscores please!
?>
Modify the WP-Config
Then modified the “wp-config.php” file to include the file. If somebody were to some how read the contents of my WP-Config, all they would see is this:
<?
phpinclude('/home/Name/config.php');
// Change this to localize WordPress. A corresponding MO file for the
// chosen language must be installed to wp-includes/languages
.// For example, install de.mo to wp-includes/languages and set WPLANG to 'de'
// to enable German language support.
define ('WPLANG', '');
/* That's all, stop editing! Happy blogging. */
define('ABSPATH', dirname(__FILE__).'/');
require_once(ABSPATH.'wp-settings.php');
?>
Hopefully you get the idea. Save your sensitive information in a non-WWW location, and have the WP-Config file read it in. This way you won’t have to change anything if you have to upgrade WordPress.
0 comments:
Post a Comment