wincent knowledge base

June 02, 2006

WordPress security tip

Add the following to the .htaccess file at the top level of your WordPress install:

# Apache 2.2 syntax; on Apache 2.4 use "Require all denied" in place of "deny from all"
<FilesMatch "^wp-config\.php$">
deny from all
</FilesMatch>

This will make it harder for your database username and password to fall into the wrong hands in the event of a server problem. Better still would be to move the username and password outside of the document root entirely and include or require them, but that would require you to turn off PHP Safe Mode and/or the open_basedir restriction, which I don't recommend with a product like WordPress, which is both popular and has a less-than-perfect security record.
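
The following added example (not part of the original post) is a small Python check that reads .htaccess text and reports which file names a deny-all FilesMatch block actually covers. It goes slightly beyond the post by also accepting the Apache 2.4 form "Require all denied"; the sample .htaccess content, the function names and the candidate file names are constructed, and the matching is a simplified model of Apache's behaviour.

```python
import re

# Constructed sample: the rule from the post as it would appear in .htaccess.
SAMPLE_HTACCESS = """\
<FilesMatch ^wp-config.php$>
deny from all
</FilesMatch>
"""

# Simplified model (assumption): only <FilesMatch> blocks are considered, and a
# block counts as protective if it holds a deny-all line in 2.2 or 2.4 syntax.
BLOCK_RE = re.compile(
    r"<FilesMatch\s+(?P<pat>[^>]+?)\s*>(?P<body>.*?)</FilesMatch>",
    re.IGNORECASE | re.DOTALL,
)
DENY_RE = re.compile(
    r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$",
    re.IGNORECASE | re.MULTILINE,
)


def deny_patterns(htaccess_text):
    """Return compiled regexes from FilesMatch blocks that deny all access."""
    patterns = []
    for block in BLOCK_RE.finditer(htaccess_text):
        if DENY_RE.search(block.group("body")):
            patterns.append(re.compile(block.group("pat").strip("\"'")))
    return patterns


def audit(filenames, htaccess_text):
    """Map each bare file name to True if a deny-all pattern matches it."""
    patterns = deny_patterns(htaccess_text)
    return {name: any(p.search(name) for p in patterns) for name in filenames}


if __name__ == "__main__":
    # Constructed candidates: the real file plus copies an editor or admin
    # might leave beside it, which the anchored pattern does not cover.
    names = ["wp-config.php", "wp-config.php.bak", "wp-config.php~", "index.php"]
    for name, denied in audit(names, SAMPLE_HTACCESS).items():
        print(f"{name:20} {'denied' if denied else 'NOT covered by rule'}")
```

Run it against your own .htaccess text to confirm the rule is present and to see which neighbouring file names would need their own rule or should be removed from the document root.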

Posted by wincent at June 2, 2006 06:55 PM