Secure wp-config.php File With htaccess
Your wp-config.php file stores all of your config variables for your WordPress site. If someone has access to this file they will be able to see your database username and password.
When you first install WordPress there is a default wp-config-sample.php file which you need to rename and modify.
To keep this secure you can move this file outside of the WordPress root folder, WordPress is able to find this file one level up from the root.
Another way to secure the wp-config.php file is to use htaccess to deny access for everyone trying to access it. To use htaccess to deny access, add the following snippet in your htaccess file.
<Files wp-config.php> Order Allow,Deny Deny from all </Files>
You can even use this same technique to help protect your htaccess file, just add the following to your htaccess file to protect itself.
<Files .htaccess> order allow,deny deny from all </Files>
Learn how to code with Treehouse
- Learn projects with access to 1000+ videos
- Practice live with our Code Challenge Engine
- Get help in our members-only forums
Join the weekly newsletter
Sign up for our newsletter. You'll be updated on new tutorials as they come available.
Subscribe today and get a 50% discount code to Paulund