Alongside with the usual intrusions or hacks to your wordpress wp-login file and your admin folder is a neglected file of the out-most importance, the wp-config file.
To secure and protect your admin folder and wp-login file, please refer to this post.
The wp-config.php file stores most of your wordpress configuration settings.
The file can be found in the root “/” folder of your wordpress website.
How to protect the wp-config.php?
1. This easy code add-on to your .htaccess avoids lot’s of miss guided intentions. The .htaccess is also located in your wordpress root “/” folder and, if it does not exist you may create one. Simply add the below lines to it:
deny from all
2. If you are security crazy like we are, after all we are “linux geeks”, then we recommend you to extend the security even further by changing read write rights to your wp-config.php file. Do not change the ownership of the file, just the read / writes. Here’s how-to from the terminal line of our beloved linux, Ubuntu Server distro:
# cd /var/www/path to your wordpress root folder
now that you are inside your root folder run this command
# sudo chmod 644 wp-config.php
The 644 permission means the owner can read and write but everybody else can only read, therefore not able to change the file.
3. Wanna go overboard? Not recommended for novices.You can actually move the wp-config.php file to a location outside your website root “/” folder.
Depending of your hosting provider, you will need an hosting setup that grants you access outside your website root folder, example your dedicated server or VPS “virtual private server”.
Once the safe location is found and the wp-config.php copied to this new location, you need to correct all paths inside the file so they match with your website root folder. To put it simply, your website needs to find your wp-config file and, your wp-config file needs to know the home base location.