How to Prevent Config.php from Being Reachable on the Web
The config.php, or wp-config.php in the case of WordPress sites, controls the database access for your website. The log-in password and user name are available for anyone to read and for hackers to disrupt anything they want. To prevent your config.php from being reachable on the web, you need to edit the .htaccess file that controls how your important web elements may be accessed. The process takes just a few minutes but can save you hours of grief from a hacker attack.
Other People Are Reading
Instructions
-
-
1
Navigate to your website hosting account control panel log-in screen. Enter your credentials to open your control panel.
-
2
Open your file manager for access to the files on your website server. This is usually labelled "File Manager" or "FTP manager" on most hosting accounts.
-
-
3
Open your website in the explorer panel to view your file list.
-
4
Click on the .htaccess file in the explorer panel and click the download button to save the file to your desktop.
-
5
Right-click on the downloaded file and select "Open With," then "Notepad."
-
6
Add the following code to the .htaccess file:
# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>
-
7
Save the file, then return to the file manager in your control panel and click to upload a file to your site.
-
8
Select the .htaccess file on your desktop and click "Upload" to prevent your config.php from being reachable on the web.
-
1
Tips & Warnings
Substitute "wpconfig.php" and "wp-config.php" with "config.php" in the code for websites that are not controlled by WordPress.
