
Tuesday, January 8, 2013

How To Protect Wp-config.php file So You Don’t Get Hacked

Today we will protect our wp-config.php file. It contains very sensitive information about your WP installation: the database access details, the table prefix and the secret keys.
The wp-config.php file is a standard part of every WordPress installation.
The question is how to protect it.
You certainly don't want this file falling into the wrong hands.

How to protect your WordPress wp-config.php file:
I will show you two basic methods for protecting your wp-config.php file.
First, how to protect it through the .htaccess file.
1. Download your .htaccess file from the server. This is located in the same section as your wp-config.php or index.php file. (If you don't have an .htaccess file, then you will need to create one.)
2. Using a text editor, like Notepad, open your .htaccess file.
3. Copy and paste the following code into your .htaccess file to deny access to your wp-config.php file.
# protect wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>
The second method is to protect wp-config.php by moving its sensitive contents to an unpredictable location.
For example, say the web root on your server is /home/Name/public_html/
You can save a file in the /home/Name/ area and it won’t be web accessible, meaning that even if somebody were able to read your wp-config, they wouldn’t get anything valuable.
First step
Create a “config.php” file.
Within this config.php file I included the following:
<?php
define('DB_NAME', 'your_db_name'); // The name of the database
define('DB_USER', 'your_db_username'); // Your MySQL username
define('DB_PASSWORD', 'your_db_pass'); // DB Password
define('DB_HOST', 'localhost'); // Localhost
$table_prefix = 'yourdbprefix_'; // Only numbers, letters, and underscores please!

Uploaded this file to a non-WWW readable location. Normally this should be the directory before “public_html” or “www”.
Modify the WP-Config
Then modify the “wp-config.php” file to include that file. If somebody were to somehow read the contents of my WP-Config, all they would see is this:

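<?php
// Load the database settings from outside the web root (path from the example above).
// require_once stops the request if the file is missing.
require_once('/home/Name/config.php');

// Change this to localize WordPress. A corresponding MO file for the
// chosen language must be installed to wp-includes/languages.
// For example, install to wp-includes/languages and set WPLANG to 'de'
// to enable German language support.
define ('WPLANG', '');
/* That's all, stop editing! Happy blogging. */
define('ABSPATH', dirname(__FILE__).'/');
require_once(ABSPATH.'wp-settings.php');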
Hopefully you get the idea. Save your sensitive information in a non-WWW location, and have the WP-Config file read it in. This way you won’t have to change anything if you have to upgrade WordPress.
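To check that both protections are actually in place on a server, the following audit script is an added example, not part of the original tutorial. The function names and the sample tree built by build_sample() are assumptions made for illustration, and the world-readable permission check goes one step beyond what the text describes.

```python
import os, re, stat

# include/require of a quoted literal path, as in the trimmed wp-config.php above
INCLUDE_RE = re.compile(r'''\b(?:include|require)(?:_once)?\s*\(?\s*['"]([^'"]+)['"]''')
SECRET_RE = re.compile(r'''define\s*\(\s*['"]DB_PASSWORD['"]''')
# Apache 2.2 "deny from all" (used on this page) or the 2.4 form "Require all denied"
FILES_RE = re.compile(r'''<Files\s+"?wp-config\.php"?\s*>[^<]*'''
                      r'''(?:deny from all|require all denied)[^<]*</Files>''', re.I)

def read(path):
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return ""

def audit(docroot):
    """Return findings for the two protections: .htaccess block and relocated secrets."""
    docroot = os.path.realpath(docroot)
    findings = []
    wp_config = read(os.path.join(docroot, "wp-config.php"))
    if SECRET_RE.search(wp_config):
        findings.append("wp-config.php still defines DB_PASSWORD")
    if not FILES_RE.search(read(os.path.join(docroot, ".htaccess"))):
        findings.append(".htaccess has no <Files wp-config.php> deny block")
    for inc in INCLUDE_RE.findall(wp_config):
        target = os.path.realpath(os.path.join(docroot, inc))  # an absolute inc wins
        if not SECRET_RE.search(read(target)):
            continue  # not the secrets file
        if os.path.commonpath([docroot, target]) == docroot:
            findings.append(f"{target} is inside the web root")
        if os.stat(target).st_mode & stat.S_IROTH:  # extra check, not from the text
            findings.append(f"{target} is world-readable")
    return findings

def build_sample(base, secrets_in_docroot, mode):
    """Constructed sample tree: base/public_html plus a config.php holding DB settings."""
    docroot = os.path.join(base, "public_html")
    os.makedirs(docroot)
    secrets = os.path.join(docroot if secrets_in_docroot else base, "config.php")
    with open(secrets, "w") as fh:
        fh.write("<?php\ndefine('DB_PASSWORD', 'constructed-sample');\n")
    os.chmod(secrets, mode)
    with open(os.path.join(docroot, "wp-config.php"), "w") as fh:
        fh.write(f"<?php\nrequire_once('{secrets}');\n")
    with open(os.path.join(docroot, ".htaccess"), "w") as fh:
        fh.write("<Files wp-config.php>\norder allow,deny\ndeny from all\n</Files>\n")
    return docroot
```

Call audit() with the path to your web root, for example audit('/home/Name/public_html'); an empty list means both protections were found.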

This tutorial is not mine; the author is kind of my big brother and a lot, lot better than me :)


Anonymous said...

I'm curious to find out what blog system you are working with? I'm experiencing some minor
security issues with my latest site and I would like to find something more
risk-free. Do you have any solutions?
