How To Protect Wp-config.php
Today we will be try to protect our wp-config.php file as we know that
wp-config.php file contains very sensitive information about your WP
Installation and database access, table prefix and Secret Keys.
The wp-config.php file is a standard of WordPress installation.
Now question is that how we protect it.
You certainly don't want this file falling into the wrong hands.
How to protect your WordPress wp-config.php file:
I will be tell you two basic methods which will protect your wp-config.php file
First I will be tell you how to protect it through .htaccesss file.
1. Download your .htaccess file from the server. This is located in the same section as your wp-config.php or index.php file. (If you don't have an .htaccess file, then you will need to create one.
2. Using a text editor, like Notepad, open your .htaccess file.
3. Copy and paste the following code into your .htaccess file to deny access to your wp-config.php file.
# protect wpconfig.php
order allow,deny
deny from all
The second method which I am telling you guys is by protecting the
wp-config by moving the file to unpredictable location.
Ok example that web include path for your server was /home/Name/public_html/
You can actually save a file in the /homeName/ area and it won’t be web accessible. Meaning that even if somebody were able to read your wp-config, they wouldn’t get anything valuable.
First step
Create a “config.php”
Within this config.php file I included the following:
define('DB_NAME', 'your_db_name'); // The name of the database
define('DB_USER', 'your_db_username'); // Your MySQL username
define('DB_PASSWORD', 'your_db_pass'); // DB Password
define('DB_HOST', 'localhost'); // Localhost
$table_prefix = 'yourdbprefix_'; // Only numbers, letters, and underscores please!
?>
uploaded this file to a non-WWW readable location. Normally this should be the directory before “public_html” or “www”.
Modify the WP-Config
I then modified the “wp-config.php” file to include the file. If somebody were to some how read the contents of my WP-Config, all they would see is this:
include('/home/Name/config.php');
// Change this to localize WordPress. A corresponding MO file for the
// chosen language must be installed to wp-includes/languages.
// For example, install de.mo to wp-includes/languages and set WPLANG to 'de'
// to enable German language support.
define ('WPLANG', '');
/* That's all, stop editing! Happy blogging. */
define('ABSPATH', dirname(__FILE__).'/');
require_once(ABSPATH.'wp-settings.php');
?>
Hopefully you get the idea. Save your sensitive information in a non-WWW location, and have the WP-Config file read it in. This way you won’t have to change anything if you have to upgrade WordPress.
The wp-config.php file is a standard of WordPress installation.
Now question is that how we protect it.
You certainly don't want this file falling into the wrong hands.
How to protect your WordPress wp-config.php file:
I will be tell you two basic methods which will protect your wp-config.php file
First I will be tell you how to protect it through .htaccesss file.
1. Download your .htaccess file from the server. This is located in the same section as your wp-config.php or index.php file. (If you don't have an .htaccess file, then you will need to create one.
2. Using a text editor, like Notepad, open your .htaccess file.
3. Copy and paste the following code into your .htaccess file to deny access to your wp-config.php file.
# protect wpconfig.php
order allow,deny
deny from all
The second method which I am telling you guys is by protecting the
wp-config by moving the file to unpredictable location.
Ok example that web include path for your server was /home/Name/public_html/
You can actually save a file in the /homeName/ area and it won’t be web accessible. Meaning that even if somebody were able to read your wp-config, they wouldn’t get anything valuable.
First step
Create a “config.php”
Within this config.php file I included the following:
define('DB_NAME', 'your_db_name'); // The name of the database
define('DB_USER', 'your_db_username'); // Your MySQL username
define('DB_PASSWORD', 'your_db_pass'); // DB Password
define('DB_HOST', 'localhost'); // Localhost
$table_prefix = 'yourdbprefix_'; // Only numbers, letters, and underscores please!
?>
uploaded this file to a non-WWW readable location. Normally this should be the directory before “public_html” or “www”.
Modify the WP-Config
I then modified the “wp-config.php” file to include the file. If somebody were to some how read the contents of my WP-Config, all they would see is this:
include('/home/Name/config.php');
// Change this to localize WordPress. A corresponding MO file for the
// chosen language must be installed to wp-includes/languages.
// For example, install de.mo to wp-includes/languages and set WPLANG to 'de'
// to enable German language support.
define ('WPLANG', '');
/* That's all, stop editing! Happy blogging. */
define('ABSPATH', dirname(__FILE__).'/');
require_once(ABSPATH.'wp-settings.php');
?>
Hopefully you get the idea. Save your sensitive information in a non-WWW location, and have the WP-Config file read it in. This way you won’t have to change anything if you have to upgrade WordPress.
Note: this Tut is Written By Hitcher
each and every credit g0es t0 Hitcher Bro ;)
Thank Y0u very much <3
Commentaires
Enregistrer un commentaire