Deny Access to wp-config.php

Just like we can deny access to readme.html, it’s possible to deny public access to wp-config.php using the .htaccess file. But, before doing this, ask yourself this question:

Is your blog installed in the /public_html folder?

If it is, then instead of using .htaccess to prevent public access to the file, it’d probably be better to move the wp-config.php file.

For everyone else, add the following code to the .htaccess file thats in the same directory as your wp-config.php file.

# protect wp-config.php
<files wp-config.php>
Order deny,allow
deny from all
</files>

You might also want to read...

AskApache Password Protect
How to Secure WordPress, a Quick Start Guide
Move wp-config.php
Hide the Version Number
Email Backups
Stealth Login
WordPress Firewall

This entry was posted on Monday, October 5th, 2009 at 3:48 pm and is filed under .htaccess Hacks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Deny Access to wp-config.php

You might also want to read...

Leave a Reply