Considering the information that is in the wp-config file, how secure is this file? I have password salts in place, but can someone view this file? Or to what level of difficulty can someone view the contents?
2 Answers
3
This is really more of a server configuration question. By necessity, wp-config.php must be readable by WordPress itself, but file access/security beyond that is really a matter of how your server is configured.
- Refer to the Codex for recommended file permissions for WordPress.
- Refer to the Codex for recommended ways to secure wp-config.php
- Refer to this related WPSE question/answer regarding moving wp-config.php out of the web root entirely
Chip Bennett
0
This could be hacked if, for example, a bad plugin is installed and creates flaws. This could be hacked because of a CSRF flaw, that is to say, a hacker utilizes an approved user account to do bad things.
You could start with this in .htaccess:
<files wp-config.php>
order allow,deny
deny from all
</files>
But there is no absolute protection.
JMau
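The two checks the answers point to (file permissions and an .htaccess deny rule) can be audited together. The script below is an added example, not code from either answer; its function names are illustrative, and it assumes an Apache setup where .htaccess sits in the same directory as wp-config.php.

```shell
#!/bin/sh
# Added example (not from the answers): audit wp-config.php exposure.
# Function names are illustrative; assumes Apache reads .htaccess here.

# Print a file's octal mode (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if the "other" permission digit includes the read bit.
world_readable() {
    mode=$(file_mode "$1") || return 2
    other=${mode#"${mode%?}"}   # last octal digit of the mode
    [ $((other & 4)) -ne 0 ]
}

# Succeed if .htaccess has a <Files wp-config.php> block that denies all
# requests: "deny from all" (2.2 syntax) or "Require all denied" (2.4).
htaccess_denies() {
    [ -f "$1/.htaccess" ] || return 1
    awk '
        { line = tolower($0) }
        line ~ /<files[ \t]+"?wp-config\.php"?[ \t]*>/ { inblk = 1; next }
        line ~ /<\/files>/ { inblk = 0 }
        inblk && line ~ /^[ \t]*(deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied)/ { found = 1 }
        END { exit !found }
    ' "$1/.htaccess"
}

# Report both findings; returns 0 only when neither applies.
audit_wp_config() {
    cfg="$1/wp-config.php"
    [ -f "$cfg" ] || { echo "no wp-config.php in $1"; return 2; }
    rc=0
    if world_readable "$cfg"; then
        echo "WARN: $cfg (mode $(file_mode "$cfg")) is readable by every local user"
        rc=1
    fi
    if ! htaccess_denies "$1"; then
        echo "WARN: no .htaccess rule denying web requests for wp-config.php"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $cfg"
    return "$rc"
}

# Usage: sh audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then audit_wp_config "$1"; fi
```

The .htaccess check only confirms that the rule text is present; Apache ignores it unless AllowOverride permits access-control directives for that directory.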