Protecting your WordPress website from hackers is very essential in day to day world because hackers are increasing now. Thousands of WordPress blogs get hacked daily due to poor security and hosting company issues.
Img: credit
What is wp-config.php?
WordPress is just an operating system very similar our famous window operating system. As in case of window there are many files which required running the windows. Similarly WordPress has many .php files that have their own functions. The wp-config.php file is present in self hosted WordPress site and it is used for storing many confidential parameters like WordPress database name, password, authentication keys etc. first time run of any WordPress installation creates the wp-config.php file.
How to protect your WordPress website by moving the wp-config.php t another secrete location?
After discussing too many possibilities of hacking we should have a perfect way to protect your wp-config.php file. The best way to protect the wp-config.php file from hackers is that move it to another location which is not accessible from area outside of cPanel. Because the cpanel is only accessible to the website owner and it will be better for that.
Procedure to change the default location of wp-config.php in WordPress:
First this is that the wp-config.php is located in your main root folder of the hosting under public_html. So in simple language it is yourdomain.com/wp-config.php.
We change its location to a area which is outside of public_html.
- Inside your cpanel click on file manager and click on home and create another folder outside the public_html area.
- Then move your original wp-config.php file to this folder. (In this I created a folder name conff) See the image
- Create a file name wp-config.php in your pc by using the notepad and paste the following code in it.
[php]<!–?php <br ?–>include(‘/home/<strong>YOURUSERNAME</strong>/conff/wp=config.php’);
?>[/php]
In above code replace the YOURUSERNAME with your one. See the image for more detail.
- Now upload the file in your public_html at where your original wp-config.php file was.
So now we have successfully changed the default location of your file.
Possible Errors during this method:
- Fatal error message:
If you are getting this type of error
Fatal error: Call to undefined function wp() in /wp-blog-header.php on line xx
That means you have not written the correct usename and the path to your new location of wp-config.php. So check the path and usename.
- Error saying that there is no wp-config.php file:
If you are getting such error then it means that you have not uploaded that new wp-config.php file to your cpanel public_html .
If you still facing any error feel free to comment here.
Some wordpress related post that you must read:
- Why I blacklisted in the Akismet Database and How I Recover my email and URL from that
- How to integrate Related Post in Mystique theme manually – WordPress
- How to find which site using which wordpress plugin
About 
Hi there,
A great basic way of keeping out the automatic hacker bots, is by changing the WordPress table prefix.
The WordPress table prefix is wp_ by default. You can change this prior to installing WordPress by changing the $table_prefix value in your wp-config.php file.
If a hacker is able to exploit your website using SQL Injection, this will make it harder for them to guess your table names and quite possibly keep them from doing SQL Injection at all. SQL Injection happens when a developer accepts user input that is directly placed into a SQL Statement and doesn’t properly filter out dangerous characters.
This can allow an attacker to not only steal data from your database, but also modify and delete it. Make sure you take a good backup before doing this though, and perform it at your own risk.
Thanks.
Norbert
Thanks for your valuable suggestion Norbert ..
instead of using the ‘home/username/conff/wp-config.php’ that reveals the username
use ‘../conff/wp-config.php’