Close Menu
    Facebook X (Twitter) Instagram
    Facebook X (Twitter) Pinterest LinkedIn
    XtendedViewXtendedView
    • Home
    • Technology
      • How to
      • News
      • Computer
      • Windows
    • Internet
      • WordPress
      • Web
      • Google
      • Marketing
      • Social Media
    • Gadgets
      • iOS
      • Android
      • Games
    • About
      • Our Team
    • Contact us
    XtendedViewXtendedView
    Home»Wordpress»4 Ways: How to Protect wp-config.php of your WordPress from Hackers

    4 Ways: How to Protect wp-config.php of your WordPress from Hackers

    Tushar ThakurBy Tushar Thakur14 Comments3 Mins Read Wordpress
    Facebook Twitter Pinterest LinkedIn Telegram Tumblr Email
    Share
    Facebook Twitter LinkedIn Pinterest Email

    WordPress is now the most using CMS all over world. So obviously the WordPress hackers are increased. This post will guide you to protect your WordPress from those hackers who interested to target your main security file named wp-config.php. We will see the different methods to protect wp-config.php file.

    Image Rights reserved at respected owner.

    What is wp-config.php?

    The wp-config.php is a file inside your WordPress supporting files directory. It has the username and passwords for the MySql database, special signature of authority.

    To know about wpconfig.php read this post:

    • What is wp-config.php?

    Why hackers target wp-config.php mostly?

    As mentioned above the file contains very sensitive and important password information the first target of any hacker is to edit or modify the wp-config.php file. Once the hacker got the access to this file it can harm your site in any way. It can delete your post or anything that harm your site.

    What hackers can do after modifying your wp-config.php file?

    • They can delete your post
    • Add likes to any spam websites behalf of you
    • Delete your hosting files.
    • Modify users of site.
    • Run illegal script on your site.
    • De-index you from search engines from Google.
    • Add 301 permanent redirect to your all site’s url to any other url

    1)      By using .htaccess method:

    .htcaccess is a file that exists inside the root directory of your hosting. This file can use to set control the visitors that coming in the root directory.

    This is very simple.

    Go to your root directory i.e. where your wp-config.php saved and you will find file named “.htcaccess” just edit it and add the following code to it.

    [php]
    <Files wp-config.php>
    order allow,deny
    deny from all
    </Files>
    [/php]

    2)        By moving wp-config.php to other location:

    To see how this can be done read this post:

    • Simplest way to move your wp-config.php file to another location in WordPress

    3)       By setting permissions 644 from cpanel:

    By default the permission all WordPress core files are set to 644 but sometimes when you edit files inside your cPanel and save it again the permission may change. It is very important to check the permissions because it you change the permission of any file by mistake then it will be very easy for hackers to hack your WordPress.

    See image below, It is taken from file FTP client:

    change wp file permission
    change wp file permission

    4) Set your own Secret keys inside wp-config.php file

    Wp-config.php has many security keys. They are nothing random phases used for the security reasons. Use your own custom security keys can stop any hacking attack to your WordPress. You can generate random keys here.

    Recommended Readings:

    • Windows live writer to your wordpress site
    • Procedure to add Breadcrumb (page navigation) to alltuts theme wordpress
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Tushar Thakur
    • Website

    Tushar is founder of Xtendedview. He love to experiments on different gadgets, software/apps. He is professional blogger and Internet marketer. He is Interested in electronics and computers, Internet technology, Search Engine Optimization, Internet Marketing. Running online business and Blogs

    Related Posts

    How To Change MAC Address Of Android With or Without Rooting

    How to Fix Mouse Lag in Windows 10

    8 Best SpeedFan Alternatives for Computers for Windows and Mac

    How to Make your Existing PC to Run on Windows 10 smoothly

    10 Best Android Apps to Scan Documents from your Mobile (Free and Paid)

    How to Remove Write Protection From Micro SD Card

    View 14 Comments

    14 Comments

    1. Rudraksh Pathak on February 22, 2012 2:31 pm

      Very useful tips Tushar. Well WordPress blogs are easy to hack

      Reply
      • Tushar on February 22, 2012 6:09 pm

        Thank you for the comment. :))

        Reply
    2. Celita on March 6, 2012 11:10 am

      Very useful information, and quite on time for my site. Thanks!

      Reply
      • Tushar on March 6, 2012 7:58 pm

        You are welcome. 🙂

        Reply
    3. Saqib on March 10, 2012 12:39 am

      Can you tell me where to paste that code in htaccess?

      Reply
      • Tushar on March 10, 2012 9:02 am

        Just paste the code in the last.

        Reply
    4. avi on April 4, 2012 7:30 pm

      thanks for this useful information. please tell me where to paste .htaccess code ?

      Reply
      • Tushar on April 4, 2012 8:51 pm

        Go to your Cpanel and edit the .htcaccess file and put the code in the last line.

        Reply
    5. ashish on November 17, 2012 12:11 pm

      how to protect wordpress blogs especially from sql injection attacks?

      Reply
    6. Rick Ainso on May 21, 2019 5:20 pm

      Valuable piece of content.

      Reply
    7. Kevin Emma on June 2, 2019 11:26 pm

      Thanks for helping! But I think some plugin will conflict this .htacesss modification, isn’t it right?

      Reply
    8. Scott Brown on February 9, 2022 10:22 am

      Hi
      I am having issues with hackers.
      I have tried steps 1, 2 & 3.
      I have found that a hacker is injecting code at the start of the wp-config.php file.
      Moving this file will not stop this injection as the wp-config.php file is still in the root directory.

      Do you have any other suggections?
      Thanks

      Reply
      • Tushar Thakur on February 10, 2022 6:29 pm

        Hi,

        Did you tried to contact Hosting provider?

        Reply
    9. Saguna on June 24, 2023 7:53 pm

      Thank you for your article.
      Through which do hackers usually enter our website WordPress based?

      Reply
    Leave A Reply Cancel Reply

    Stay In Touch
    • Facebook
    • Twitter
    • Pinterest
    • LinkedIn

    How To Change MAC Address Of Android With or Without Rooting

    How to Fix Mouse Lag in Windows 10

    Top 5 Grammar Checkers (Must Have Tools)

    8 Best SpeedFan Alternatives for Computers for Windows and Mac

    Recent Posts

    How To Change MAC Address Of Android With or Without Rooting

    How to Fix Mouse Lag in Windows 10

    Top 5 Grammar Checkers (Must Have Tools)

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    About

    At Xtendedview, we simplify tech and blogging for everyday users. Our goal is to share real, practical tips, while helping you avoid the mistakes we’ve already made. From gadgets to blogging hacks and money-making strategies, every article is written to actually help. Whether you're just starting out or looking to grow, we’re here to support your journey online.

    Facebook X (Twitter) Pinterest LinkedIn
    Some Rights Reserved. Xtendedview | © 2011 - 2025 | Site Map | Privacy Policy .

    Type above and press Enter to search. Press Esc to cancel.