Making sure that wp-config is secure is pretty simple. The only people who should have access to the file are you and the user your web server runs as.
Sometimes, for whatever reason, people will try to surf to your wp-config.php file. It won't do them much good in most cases, but there's another .htaccess trick we can employ to ensure that they're not allowed to get to wp-config.php. The following code is what's needed to deny access to wp-config.php:
<files wp-config.php>
    order allow,deny
    deny from all
</files>
You'll need to add the preceding code to your main .htaccess file, the one sitting in the same folder as wp-config.php. So, using FileZilla again, view/edit the main .htaccess file and add the preceding code to it. The following screenshot shows what your .htaccess file should look like with the preceding code added:
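To confirm that both protections from this section are in place, the following shell script is an added example, not code from the original text. It assumes shell access to the server and that the web server reads wp-config.php as the file's owner or group; the function names are hypothetical, and the `Require all denied` form it also accepts is the Apache 2.4 spelling, which the text does not cover.

```shell
#!/bin/sh
# Added example (not from the original text): audit a WordPress folder.
# Usage: sh check_wpconfig.sh /path/to/wordpress

# Succeeds when wp-config.php grants nothing to "other" users.
# Assumption: the web server reads the file as its owner or group.
perms_ok() {
    f="$1/wp-config.php"
    [ -f "$f" ] || return 2
    for bit in 004 002 001; do
        # find prints the path only if this "other" bit is set
        if [ -n "$(find "$f" -perm -"$bit" 2>/dev/null)" ]; then
            return 1
        fi
    done
    return 0
}

# Succeeds when .htaccess holds an uncommented <files wp-config.php>
# block with "deny from all" (or Apache 2.4's "Require all denied").
htaccess_ok() {
    h="$1/.htaccess"
    [ -f "$h" ] || return 2
    awk '
        { line = tolower($0) }
        line ~ /^[ \t]*#/ { next }
        line ~ /<files[ \t]+"?wp-config\.php"?[ \t]*>/ { inblk = 1 }
        inblk && line ~ /deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied/ { found = 1 }
        line ~ /<\/files>/ { inblk = 0 }
        END { exit (found ? 0 : 1) }
    ' "$h"
}

# Runs both checks and reports each failure on its own line.
audit() {
    rc=0
    perms_ok "$1" || { echo "FAIL: wp-config.php missing or open to other users"; rc=1; }
    htaccess_ok "$1" || { echo "FAIL: no deny rule for wp-config.php in .htaccess"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1"
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

A rule that has been commented out with `#` is treated as absent, so a disabled block does not pass the check.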