XtendedView

4 Ways: How to Protect wp-config.php of your WordPress from Hackers

Author:     15 Comments  

LinkedInPin

WordPress is now the most using CMS all over world. So obviously the WordPress hackers are increased. This post will guide you to protect your WordPress from those hackers who interested to target your main security file named wp-config.php. We will see the different methods to protect wp-config.php file.

Image Rights reserved at respected owner.

What is wp-config.php?

The wp-config.php is a file inside your WordPress supporting files directory. It has the username and passwords for the MySql database, special signature of authority.

To know about wpconfig.php read this post:

Why hackers target wp-config.php mostly?

As mentioned above the file contains very sensitive and important password information the first target of any hacker is to edit or modify the wp-config.php file. Once the hacker got the access to this file it can harm your site in any way. It can delete your post or anything that harm your site.

What hackers can do after modifying your wp-config.php file?

  • They can delete your post
  • Add likes to any porn or spam websites behalf of you
  • Delete your hosting files.
  • Modify users of site.
  • Run illegal script on your site.
  • De-index you from search engines from Google.
  • Add 301 permanent redirect to your all site’s url to any other url

1)      By using .htaccess method:

.htcaccess is a file that exists inside the root directory of your hosting. This file can use to set control the visitors that coming in the root directory.

This is very simple.

Go to your root directory i.e. where your wp-config.php saved and you will find file named “.htcaccess” just edit it and add the following code to it.

[php]
<Files wp-config.php>
order allow,deny
deny from all
</Files>
[/php]

2)        By moving wp-config.php to other location:

To see how this can be done read this post:

3)       By setting permissions 644 from cpanel:

By default the permission all WordPress core files are set to 644 but sometimes when you edit files inside your cPanel and save it again the permission may change. It is very important to check the permissions because it you change the permission of any file by mistake then it will be very easy for hackers to hack your WordPress.

See image below, It is taken from file FTP client:

change wp file permission

change wp file permission

4) Set your own Secret keys inside wp-config.php file

Wp-config.php has many security keys. They are nothing random phases used for the security reasons. Use your own custom security keys can stop any hacking attack to your WordPress. You can generate random keys here.

Recommended Readings:

Comments

  2. Celita says

    Very useful information, and quite on time for my site. Thanks!

    Reply

  3. Saqib says

    Can you tell me where to paste that code in htaccess?

    Reply

  4. avi says

    thanks for this useful information. please tell me where to paste .htaccess code ?

    Reply

    • Tushar says

      Go to your Cpanel and edit the .htcaccess file and put the code in the last line.

      Reply

  5. ashish says

    how to protect wordpress blogs especially from sql injection attacks?

    Reply

  7. Kevin Emma says

    Thanks for helping! But I think some plugin will conflict this .htacesss modification, isn’t it right?

    Reply

Trackbacks

  1. […] WordPress and Google Adsense is now the most used combination to make money online. It is very easy to install the Google ads on WordPress powered site and also we can expect a good CTR on the pages. WordPress has a facility to preview the posts before publishing. This creates error of crawling for both Google search engine bot and Adsense page crawling bot. […]

    Reply

  3. […] profile publics online, it can be at risk to internet theft and frauds. Create fake identity, h@ckers can create fake identity, bank accounts and money make a valid under your name. You should install security solution online […]

    Reply

  4. […] Protecting the security of important documents on your computer might require that you encrypt them so that ordinary users won’t gain unsolicited access to them. Encryption protects your file by making them inaccessible to others who do not have the privilege to know your password. […]

    Reply

 Comment Policy

Your words are your own, so be nice and helpful if you can. Please, only use your REAL NAME, not your business name or keywords. Using business name or keywords instead of your real name will lead to the comment being deleted. Anonymous commenting is not allowed either. Limit the amount of links submitted in your comment. We accept clean XHTML in comments, but don't overdo it please. You can wrap code in [lang-name][/lang-name] tags.


Tell us what you're thinking...

If you want a picture to show with your comment, then get Gravatar!