June 02, 2006
WordPress security tip
Add the following to the .htaccess file at the top level of your WordPress install:
<FilesMatch "^wp-config\.php$">
deny from all
</FilesMatch>
This will make it harder for your database username and password to fall into the wrong hands in the event of a server problem. Better still would be to move the username and password outside of the document root entirely and include or require it, but that would require you to turn off PHP Safe Mode and/or the open_basedir restriction, which I don't recommend with a product like WordPress, which is both popular and has a less-than-perfect security record.
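The same rule in a form that works on both Apache 2.2 and 2.4, as an added example that is not part of the original post: `deny from all` is the 2.2 access-control syntax, while 2.4 uses `Require all denied` from mod_authz_core unless mod_access_compat is loaded. It assumes the server's AllowOverride setting permits these directives in .htaccess.

```apache
# Added example: block direct HTTP access to wp-config.php on Apache 2.2 and 2.4.
# The dot is escaped so the pattern matches only the literal file name.
<FilesMatch "^wp-config\.php$">
    # Apache 2.4 and later: mod_authz_core provides the Require directive.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

    # Apache 2.2 and earlier: fall back to the Order/Deny syntax from the post.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
```

With the rule in place, a browser request for wp-config.php should return 403 Forbidden rather than the file, even if PHP is not being executed.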
Posted by wincent at June 2, 2006 06:55 PM