Your configuration file contains your database username and password, so it’s important to keep this file secure. If you are installing WordPress in your web root directory (such as
public_html), you can move your
wp-config.php file to the parent directory — one that isn’t readable from a browser — without changing any settings. WordPress will automatically recognize the file’s new location.
Find all the WordPress Hidden Gems in [link id=”2675″]Beginning WordPress 3[/link].
Andrew Nacin says
This is a helpful tip, and I really enjoy this series.
Sometimes, some people ask why we don’t support it being two or more directories up, for installs in a subdirectory of
public_html. The reason is this isn’t actually designed for security (even though it can certainly be used for that), but rather for SVN externals. Ideally, you’d block access to the file via Apache for that extra security.
Thank you! I really appreciate all your comments.
I hadn’t thought about SVN externals, but that makes perfect sense. I think Josiah Cole’s list of
.htaccessmodifications includes the line that secures
wp-config.php, among many other useful things.
What about multiple WP installs in multiple sub-domains where main is …/public_html/ and subs are …/public_html/sub/ You can’t move the sub’s wp-config up one level and you can’t have multiple wp-config files sitting in root.
I think that’s where Andrew’s idea is required.
Yes, in that case you’d have to use the
Of course if you’re going to do that you might as well activate the network with subdirectories and make life MUCH easier all the way around, yes?