How to Lockdown wp-config file in WordPress

How to Lockdown wp-config.php file in WordPress

WordPress is one of the most popular CMS with over 35% of internet website are build on WordPress CMS at this time of writing this post. There are other CMS like Squarespace, Joomla, Drupal etc but use by only fewer sites. WordPress is far ahead as compared to its competitor. Previously WordPress users to create a blog or website But now WordPress core code changed a lot as well as a massive ecosystem of plugins and theme, you can create any type of website with WordPress.

How to Lockdown wp-config.php file in WordPress

As WordPress is more popular CMS, therefore, it is the main target for a hacker. As per Sucuri WordPress accounted for 90 per cent of all hacked CMS sites in 2018. WordPress is very secure by default itself most of the security breach occurs due to the use of theme and plugin from unauthorized sources. on WordPress Platform website security hardening means securing a website by reducing its surface of vulnerability. More use of theme and plugin, Showing directory or WordPress version provides a potential entry point to a hacker.

Security Issue with wp-config file-:

How to Lockdown wp-config file in WordPress

Protecting the WordPress wp-config.php file is another way to beef up your WordPress security. The WordPress wp-config.php file contains very sensitive information about your WordPress installation, WordPress Database including the name, host (typically localhost), username, and password . wp-config file does not come with default WordPress download package it gets created when we install WordPress on our website.

You certainly do not want the content of this file to fall in the wrong hands, so WordPress wp-config.php security is definitely something you should take seriously. In this step by step article, I will explain how to protect the WordPress wp-config.php file, and how to store the sensitive information wp-config.php file contains somewhere secure, not accessible via the web.

How to Lockdown wp-config file in WordPress-:

How to Lockdown wp-config file in WordPress

Connect to your website using an FTP client and download the .htaccess file found in the root directory of your website. If you are unable to locate your wp-config file read my complete guide How to Locate wp-config file in WordPress.  It is important to use SFTP of FTPES to encrypt the communication between your computer and your servers. First, take a backup of your wp-config file so that if anything wrong happens you will have its backup. Using a text editor such as Notepad open the .htaccess file. Copy the below to your .htaccess to deny access to your wp-config.php file. You can copy the below text at the bottom of your .htaccess file, after all other entries.

# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all

Above code will disable the access of wp-config file. It will be very helpful if a hacker gets access to your WordPress dashboard, Hacker would not be able to make any change to your wp-config file which contains sensitive information about your website. 

If you like my work, Please Share on Social Media! You can Follow WP knol on FacebookTwitterPinterestQuora and YouTube for latest updates. You may Subscribe to WP Knol Newsletter to get latest updates via Email. You May also Continue Reading my Recent Posts Which Might Interest You.

About Amar Patel 263 Articles
Hi, I am Amar Patel from India. Founder, Author and Administrator of I am a Simple Average Man who Loves life and Love living life.Professionally I am a Mechanical Engineer. Apart from my Job, I Love to write the things around WordPress WordPress CMS.