inetd.info


Adding a little protection to wp-config.php

WordPress gets hacked a lot, so it pays to spend a little bit of time looking at http://codex.wordpress.org/Hardening_WordPress. One thing I’ve looked for is how wp-config.php needs to be protected.

Only allow yourself and Apache access to the file by running:
chown root:www-data wp-config.php
chmod 640 wp-config.php

And make sure .htaccess in the site root covers some basics:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
#
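# protect the htaccess file
# (order/deny is Apache 2.2 syntax; Apache 2.4 without mod_access_compat
# needs "Require all denied" inside the block instead)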
<files .htaccess>
order allow,deny
deny from all
</files>
#
# limit request bodies (and so file uploads) to about 10 MB
LimitRequestBody 10240000
#
# disable the server signature
ServerSignature Off
#
# protect wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>
#
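# disable directory browsing
# (Apache 2.4 rejects mixing signed and unsigned options such as
# "All -Indexes", and "All" would also switch on ExecCGI and Includes)
Options -Indexes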
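
A quick way to confirm both protections are actually in place, as an added example that is not part of the original post. The function name `audit_wp_config` and its default owner and group are assumptions taken from the chown line above, and it relies on GNU `stat` (Linux).

```shell
# Added example, not from the original post. Assumes GNU stat (Linux);
# the function name and default owner/group are illustrative.
# audit_wp_config DIR [OWNER] [GROUP]: one line per finding, returns 0 if clean.
# Usage: audit_wp_config /path/to/site/root
audit_wp_config() {
    cfg="$1/wp-config.php"; ht="$1/.htaccess"
    want_owner=${2:-root}; want_group=${3:-www-data}; bad=0

    [ -f "$cfg" ] || { echo "MISSING $cfg"; return 1; }

    # %a = octal mode, %U = owner name, %G = group name
    set -- $(stat -c '%a %U %G' "$cfg")
    mode=$1; owner=$2; group=$3

    # Any "other" bit lets every local account read the database password.
    if [ $(( 0$mode & 0007 )) -ne 0 ]; then
        echo "WORLD-ACCESSIBLE mode=$mode (want 640)"; bad=1
    fi
    # The web server group only needs to read the file.
    if [ $(( 0$mode & 0020 )) -ne 0 ]; then
        echo "GROUP-WRITABLE mode=$mode (want 640)"; bad=1
    fi
    if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
        echo "OWNERSHIP $owner:$group (want $want_owner:$want_group)"; bad=1
    fi

    # Look for a deny rule inside a <Files wp-config.php> block.
    # Accepts the 2.2 form used above and the 2.4 "Require all denied".
    if ! awk '
        tolower($1) == "<files" && tolower($2) ~ /^"?wp-config\.php"?>$/ { inblk = 1; next }
        tolower($1) == "</files>" { inblk = 0 }
        inblk && tolower($0) ~ /deny from all|require all denied/ { found = 1 }
        END { exit !found }
    ' "$ht" 2>/dev/null; then
        echo "NO-DENY-RULE $ht"; bad=1
    fi
    return "$bad"
}
```

This only inspects the files on disk; whether Apache honours the .htaccess rules still depends on AllowOverride in the server configuration.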
