Stephanie Leary

Writer and WordPress consultant

  • Books
    • Content Strategy for WordPress (2015)
    • WordPress for Web Developers (2013)
    • Beginning WordPress 3 (2010)
  • Blog
    • Fascism Watch (2016-17)
    • Content Modeling for WordPress series
    • WordPress Hidden Gems series
  • Work
    • Portfolio
    • Services
    • WordPress Plugins
    • WordPress Themes
    • Presentations and Interviews
    • on GitHub →
  • About
    • Press Kit
  • Contact
    • Mailing List

WordPress Hidden Gems: Hiding wp-config.php

September 27, 2010 Stephanie Leary 5 Comments

Your configuration file contains your database username and password, so it’s important to keep this file secure. If you are installing WordPress in your web root directory (such as public_html), you can move your wp-config.php file to the parent directory — one that isn’t readable from a browser — without changing any settings. WordPress will automatically recognize the file’s new location.

Find all the WordPress Hidden Gems in [link id=”2675″]Beginning WordPress 3[/link].

WordPress security

Comments

  1. Andrew Nacin says

    September 27, 2010 at 6:22 pm

    This is a helpful tip, and I really enjoy this series.

    Sometimes, some people ask why we don’t support it being two or more directories up, for installs in a subdirectory of public_html. The reason is this isn’t actually designed for security (even though it can certainly be used for that), but rather for SVN externals. Ideally, you’d block access to the file via Apache for that extra security.

    Reply
    • steph says

      September 28, 2010 at 1:22 pm

      Thank you! I really appreciate all your comments.

      I hadn’t thought about SVN externals, but that makes perfect sense. I think Josiah Cole’s list of .htaccess modifications includes the line that secures wp-config.php, among many other useful things.

      Reply
  2. teamsiems says

    September 28, 2010 at 8:10 am

    What about multiple WP installs in multiple sub-domains where main is …/public_html/ and subs are …/public_html/sub/ You can’t move the sub’s wp-config up one level and you can’t have multiple wp-config files sitting in root.

    I think that’s where Andrew’s idea is required.

    Reply
    • steph says

      September 28, 2010 at 1:23 pm

      Yes, in that case you’d have to use the .htaccess method instead.

      Reply
    • Shelley says

      October 1, 2010 at 4:21 pm

      Of course if you’re going to do that you might as well activate the network with subdirectories and make life MUCH easier all the way around, yes?

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest WordPress Book

Content Strategy for WordPress

A short book for content strategists and managers on implementing a complete content strategy in WordPress: evaluation, analysis, content modeling, editing and workflows, and long-term planning and maintenance.

Read the sample chapter

Kindle Nook iBooks Kobo Smashwords

WordPress for Web Developers

WordPress for Web Developers (9781430258667)

This is a book for professional web designers and developers who already know HTML and CSS, and want to learn to build sites with WordPress. The book begins with a detailed tour of the administration screens and settings, then digs into server-side topics like performance and security. The second half of the book is devoted to development: learning to build WordPress themes and plugins.

This is the second, much-revised and updated edition of Beginning WordPress 3, with a more accurate title. Everything’s been updated for WordPress 3.6.

WordPress for Web Developers is out now. See what's inside...

The best WordPress features you’ve never noticed

  • WordPress Hidden Gems: Screen Options
  • WordPress Hidden Gems: Bulk Edit
  • WordPress Hidden Gems: Private Status
  • WordPress Hidden Gems: Dashboard Feed Readers
  • WordPress Hidden Gems: Options.php

Content Modeling for WordPress series

  • Content modeling for WordPress, part 1: analyze content
  • Content modeling for WordPress, part 2: functional and organizational requirements
  • Content modeling for WordPress, part 3: a sample content model

This is an excerpt from Content Strategy for WordPress.My latest books are Content Strategy for WordPress (2015) and WordPress for Web Developers (2013). Sign up to be notified when I have a new book for you.

Copyright © 2022 Stephanie Leary