XtendedView

  • Facebook
  • Pinterest
  • RSS
  • Twitter
  • Home
  • Technology
    • How to
    • News
    • Computer
    • Windows
  • Internet
    • WordPress
    • Web
    • Google
    • Marketing
    • Social Media
  • Gadgets
    • iOS
    • Games
    • Android
  • Advertise
  • About
    • Write For Us | Tech Guest Posts
    • Our Team
  • Contact us

4 Ways: How to Protect wp-config.php of your WordPress from Hackers

Author: Tushar Thakur   Last updated on: January 12, 2021    11 Comments  

FacebookTweetLinkedInPin

WordPress is now the most using CMS all over world. So obviously the WordPress hackers are increased. This post will guide you to protect your WordPress from those hackers who interested to target your main security file named wp-config.php. We will see the different methods to protect wp-config.php file.

Image Rights reserved at respected owner.

What is wp-config.php?

The wp-config.php is a file inside your WordPress supporting files directory. It has the username and passwords for the MySql database, special signature of authority.

To know about wpconfig.php read this post:

  • What is wp-config.php?

Why hackers target wp-config.php mostly?

As mentioned above the file contains very sensitive and important password information the first target of any hacker is to edit or modify the wp-config.php file. Once the hacker got the access to this file it can harm your site in any way. It can delete your post or anything that harm your site.

What hackers can do after modifying your wp-config.php file?

  • They can delete your post
  • Add likes to any spam websites behalf of you
  • Delete your hosting files.
  • Modify users of site.
  • Run illegal script on your site.
  • De-index you from search engines from Google.
  • Add 301 permanent redirect to your all site’s url to any other url

1)      By using .htaccess method:

.htcaccess is a file that exists inside the root directory of your hosting. This file can use to set control the visitors that coming in the root directory.

This is very simple.

Go to your root directory i.e. where your wp-config.php saved and you will find file named “.htcaccess” just edit it and add the following code to it.

[php]
<Files wp-config.php>
order allow,deny
deny from all
</Files>
[/php]

2)        By moving wp-config.php to other location:

To see how this can be done read this post:

  • Simplest way to move your wp-config.php file to another location in WordPress

3)       By setting permissions 644 from cpanel:

By default the permission all WordPress core files are set to 644 but sometimes when you edit files inside your cPanel and save it again the permission may change. It is very important to check the permissions because it you change the permission of any file by mistake then it will be very easy for hackers to hack your WordPress.

See image below, It is taken from file FTP client:

change wp file permission

change wp file permission

4) Set your own Secret keys inside wp-config.php file

Wp-config.php has many security keys. They are nothing random phases used for the security reasons. Use your own custom security keys can stop any hacking attack to your WordPress. You can generate random keys here.

Recommended Readings:

  • Windows live writer to your wordpress site
  • Procedure to add Breadcrumb (page navigation) to alltuts theme wordpress

FacebookTweetLinkedInPin

Filed Under: Wordpress    Tagged: evergreen

More on XtendedView Right Now!

  • Why I blacklisted in the Akismet Database and How I Recover my email and URL from thatWhy I blacklisted in the Akismet Database and How I Recover my email and URL from that

  • How to integrate Related Post in Mystique theme manually – WordPressHow to integrate Related Post in Mystique theme manually – WordPress

  • Simplest way to move your wp-config.php file to another location in WordPress for securitySimplest way to move your wp-config.php file to another location in WordPress for security

  • How to find which site using which wordpress pluginHow to find which site using which wordpress plugin

About Tushar Thakur

Tushar is founder of Xtendedview. He love to experiments on different gadgets, software/apps. He is professional blogger and Internet marketer. He is Interested in electronics and computers, Internet technology, Search Engine Optimization, Internet Marketing. Running online business and Blogs

Tushar has written 498 awesome articles for us at XtendedView.

  • Find Tushar On
❮
How to Create a Video Gallery on Your WordPress Website

Comments

  1. Rudraksh Pathak says

    at

    Very useful tips Tushar. Well WordPress blogs are easy to hack

    Reply
    • Tushar says

      at

      Thank you for the comment. :))

      Reply
  2. Celita says

    at

    Very useful information, and quite on time for my site. Thanks!

    Reply
    • Tushar says

      at

      You are welcome. 🙂

      Reply
  3. Saqib says

    at

    Can you tell me where to paste that code in htaccess?

    Reply
    • Tushar says

      at

      Just paste the code in the last.

      Reply
  4. avi says

    at

    thanks for this useful information. please tell me where to paste .htaccess code ?

    Reply
    • Tushar says

      at

      Go to your Cpanel and edit the .htcaccess file and put the code in the last line.

      Reply
  5. ashish says

    at

    how to protect wordpress blogs especially from sql injection attacks?

    Reply
  6. Rick Ainso says

    at

    Valuable piece of content.

    Reply
  7. Kevin Emma says

    at

    Thanks for helping! But I think some plugin will conflict this .htacesss modification, isn’t it right?

    Reply

 Comment Policy

Your words are your own, so be nice and helpful if you can. Please, only use your REAL NAME, not your business name or keywords. Using business name or keywords instead of your real name will lead to the comment being deleted. Anonymous commenting is not allowed either. Limit the amount of links submitted in your comment. We accept clean XHTML in comments, but don't overdo it please. You can wrap code in [lang-name][/lang-name] tags.


Tell us what you're thinking... Cancel reply

If you want a picture to show with your comment, then get Gravatar!

Connect on Facebook

Latest Articles

  • Top 5 GOM Player Alternatives for Windows
  • What is Peer to Peer File Sharing Software P2P: How It Works?
  • Top 6 Online Casino Software Providers in 2021
  • 4 Ways: How to Run Android Apps and Games in Windows 10 | 8

Featured Articles

  • How to Turn off Laptop Screen Manually
  • Benefits of Using Online Payment Platforms
  • Digital Ocean Review: Cheapest cloud hosting
  • How to close Metro Style Apps in Windows 8
  • How to run Android applications on MAC
  • How to remove login password from windows 8
  • How to Play Android games on Windows PC

Trending Topics

  • Android 23
  • Apps 2
  • Blogging 33
  • Business 67
  • Computer 71
  • Education 1
  • Games 11
  • Games 20
  • Google 11
  • How to 39
  • Internet 140
  • Marketing 11
  • Mobile 38
  • Technology 125
  • Windows 13
  • Wordpress 12
  • Some Rights Reserved. Xtendedview | Copyrights 2011-2020 | Site Map | Privacy Policy
  • XtendedView is built on WordPress
  • WordPress Hosting by Bluehost