Knowledge Base Hub

Browse through our helpful how-to guides to get the fastest solutions to your technical issues.

Home  >  WordPress FAQ  >  Learn to Deny Access to Your wp-config.php File Under WordPress Installation
Top Scroll
24 February 2020

Learn to Deny Access to Your wp-config.php File Under WordPress Installation

 2 min

Is your wp-config.php file secure? You can deny access to this file by following simple steps.

Steps to Deny Access to Your wp-config.php File Under WordPress Installation

  1. You will find your wp-config.php in the main directory of your WordPress installation and it is used to access the database.
  2. In this file comprises of your user id, password and database name in unencrypted format.
  3. Though it might be a .php file and no one should be able to see its content from the browser, you shouldn’t keep it in the main folder without doing anything about it.
  4. .htaccess in WordPress is commonly used to setup custom permalink for better SEO optimization. But you can utilize .htaccess to minimize vulnerability of your site.
  5. It is good to update your .htaccess to deny access to it. Here, files directive can be used to deny access to certain files. This directive can be used for any file on your website.
  6. Simply add the below code to your .htaccess present under the www directory:
# to protect wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>

Here “deny all” will deny the access to wp-config.php for all.

Also Read:
Everything You Need to Know About wp-config.php

Related Articles
How to Use the WP Toolkit to Secure and Update WordPress?
Know How to Extract “wppress” Archives Created by the All-in-One WP Migration Plugin?
Know How To Set Constant FS_Method?
For our Knowledge Base visitors only
Get 10% OFF on Hosting
Special Offer!
30
MINS
59
SECS
Claim the discount before it’s too late. Use the coupon code:
STORYSAVER
Grab the deal
4.6
Note: Copy the coupon code and apply it on checkout.