How to Protect WordPress wp-config File in WordPress

How to Protect WordPress wp-config File in WordPress

How to Protect WordPress wp-config.php File

How to Protect WordPress wp-config File in WordPress-: Do you want to secure your wp-config file? keep reading this post I will explain how you can protect your wp-config file using htaccess file.WordPress is one of the most popular CMS with over 35% of internet website are build on WordPress CMS at this time of writing this post.

There other CMS like Squarespace, Joomla, Drupal etc but use by only fewer sites. WordPress is far ahead as compared to its competitor. Previously WordPress users to create a blog or website But now WordPress core code changed a lot as well as a massive ecosystem of plugins and theme, you can create any type of website with WordPress.

As WordPress is more popular CMS, therefore, it is the main target for a hacker. As per Sucuri WordPress accounted for 90 per cent of all hacked CMS sites in 2018.WordPress is very secure by default itself most of the security breach occurs due to the use of theme and plugin from unauthorized sources.

When we Install WordPress, We actually download a group of files known as WordPress core files that become admin interface of our website. WordPress core files make up the appearance and functionality of the WordPress platform, and content files are added by the user in the form of themes, plugins, and images. wp-config file have big importance because it tells WordPress where to find your site’s database.  

.htaccess is a configuration file for use on web servers running the Apache Web Server software. When a .htaccess file is placed in a directory which is in turn ‘loaded via the Apache Web Server’.If your website hosted on Nginx server you will not have .htaccess file. In Nginx, you will use the try_files directive to accomplish the same thing.By default, the configuration file is named nginx.conf and placed in the directory /usr/local/nginx/conf , /etc/nginx or /usr/local/etc/nginx

Overview of wp-config File in WordPress-:

WordPress website has many core files, wp-config.php file is one of them. A wp-config.php file contains sensitive information like Database, Host, user name and password. This information allows WordPress to communicate with the database to store and retrieve data (e.g. Posts, Users, Settings, etc).

The file is also used to define advanced options for WordPress. wp-config.php file does snot comes with default with WordPress installation, it gets generated when we install WordPress for the first time. The wp-config.php file is usually located in the root folder of your website with other folders like /wp-content/.

How to Protect WordPress wp-config.php File

Protect WordPress wp-config File in WordPress using .htaccess File-:

.htaccess is another sensitive file for use on web servers running the Apache Web Server software. Most of the WordPress Hosting provides uses Apache web server and some hosting provider like Kinsta uses Nginx server. A wp-config.php file contains sensitive information like Database, Host, user name and password so it is very important to secure wp-config.php file.

WordPress wp-config.php file does come with default WordPress installation it gets created when we install WordPress for the first time. to bulletproof your wp-config.php file add the following line of code to your .htaccess file. Please Note-: before editing, you .htaccess file take its backup. If .htaccess file is missing then read my complete guide on How to Create a .htacces file Manually in WordPress.

<files wp-config.php>
order allow,deny
deny from all
</files>

Above code will disable editing of the wp-config.php file. As .htacces file direct communicate to Hosting server above code will send an instruction to server not to allow edit of wp-config file. if you want to modify  wp-config.php file remove the above code from .htaccess file. This will add an extra layer of security to your WordPress website.

Conclusion-: A wp-config.php file contains sensitive information like Database, Host, user name and password so it is a must-have thing to safeguard your wp-config.php file. the above method will add an extra layer of security to your WordPress website.

Thanks for reading…“Pardon my grammar, English is not my native tongue.”

If you like my work, Please Share on Social Media! You can Follow WP knol on Facebook, Twitter, Pinterest and YouTube for latest updates. You may Subscribe to WP Knol Newsletter to get latest updates via Email. You May also Continue Reading my Recent Posts Which Might Interest You.

Share the Knowledge!
  • 169
  • 119
  •  
  •  
  • 2
  •  
  •  
  •  
    290
    Shares
Amar Patel on FacebookAmar Patel on PinterestAmar Patel on TwitterAmar Patel on Wordpress
Amar Patel
Hi, I am Amar Patel from India. Founder, Author and Administrator of wpknol.com. I am a Simple Average Man who Loves life and Love living life.Professionally I am a Mechanical Engineer. Apart from my Job, I Love to write the things around WordPress WordPress CMS.
Enter your email address: Delivered by FeedBurner
Follow us on Social Media