How to Protect wp-config.php

wp-config.php is the most sensitive file within a WordPress installation, containing all of your database login details.

1. Move wp-config.php

By default, wp-config.php, which contains all your most sensitive data, is stored in the top-level directory of your blog. What few people know, however, is that you can move this file to the directory above its default location.

If WordPress is installed in the /public_html directory, this allows you to move the file completely out of public access.

2. Deny public access to wp-config.php

Add the following code to the .htaccess file that's in the same directory as your wp-config.php file.

# protect wp-config.php
<files wp-config.php>
Order deny,allow
deny from all
</files>
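
To check whether a site follows steps 1 and 2, the script below audits a WordPress directory. It is an added example, not code from the original article or from WordPress; the function names and messages are its own, and it assumes the directory you pass is the web root.

```shell
#!/bin/sh
# Added example: audit a WordPress directory against steps 1 and 2 above.
# The function names and messages are this example's own, not WordPress's.

# Succeeds if $1/.htaccess has a <Files wp-config.php> block that denies access
# (Apache 2.2 "Deny from all" or Apache 2.4 "Require all denied").
htaccess_denies_wp_config() {
    [ -f "$1/.htaccess" ] || return 1
    awk '
        /^[ \t]*#/ { next }                       # ignore comment lines
        { line = tolower($0) }                    # directives are case-insensitive
        line ~ /<files[ \t]+"?wp-config\.php"?[ \t]*>/ { inblock = 1; next }
        line ~ /<\/files>/ { inblock = 0 }
        inblock && line ~ /deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied/ { found = 1 }
        END { exit !found }
    ' "$1/.htaccess"
}

# Prints one finding; returns 0 when wp-config.php is protected, non-zero otherwise.
audit_wp_config() {
    wp_root=${1%/}
    parent=$(dirname "$wp_root")
    if [ -f "$wp_root/wp-config.php" ]; then
        if htaccess_denies_wp_config "$wp_root"; then
            echo "OK: wp-config.php is in $wp_root and .htaccess denies access to it"
            return 0
        fi
        echo "WARN: wp-config.php is in $wp_root with no deny rule in .htaccess"
        return 1
    fi
    if [ -f "$parent/wp-config.php" ]; then
        # WordPress only loads the parent copy when the parent directory is not
        # itself a WordPress install (no wp-settings.php there).
        if [ -f "$parent/wp-settings.php" ]; then
            echo "WARN: $parent/wp-config.php belongs to another install and will not be loaded"
            return 1
        fi
        echo "OK: wp-config.php is one level above $wp_root"
        return 0
    fi
    echo "WARN: no wp-config.php in $wp_root or $parent"
    return 1
}

# Run the audit when a directory is given, e.g. sh audit.sh /var/www/public_html
if [ "$#" -gt 0 ]; then audit_wp_config "$1"; fi
```

The check is textual only: it does not confirm that Apache actually applies the .htaccess file, which depends on the server's AllowOverride setting. Confirm the result by requesting wp-config.php from your own site and checking for a 403 response.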

3. Use the Perishable 3G Blacklist

The 3G Blacklist is a block of code put together by Jeff Starr that you drop into your .htaccess file to fight the majority of common security exploits. While not strictly a WordPress-related .htaccess hack, it's a must-have for anyone running on an Apache-based server (which would be most people reading this guide).

To find out how to make use of this brilliant resource visit the official site.
