WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] different place for config script (7 posts)

  1. miriams
    Member
    Posted 8 years ago #

    I would like to put the config script, with all the passwords to my web site, in a more secure location. I have heard that one should put connection scripts below the site root or in a cgi folder. I would like to put mine below the root probably. Someone else on a forum already said, "oh it's perfectly secure" but I'm a worrier, and it seems like anyone who has WordPress would know exactly where to find the config script and what it was called unless I change it. There must be a simple way to change the urls to the page, or to do a require for the password stuff which is in another page, but so far I have only gotten the require to work when the other page is in the same folder. I'm a beginner at PHP. Has someone already done something like this and can explain how to do it?

  2. Here's my config file: http://www.viper007bond.com/wordpress/wp-config.php

    You're welcome to steal all of my passwords and stuff out of it. :)

    But seriously, there's no way to see the contents of that file or any other PHP file for that matter from a browser. I think you're just worrying too much. :)

    But if you REALLY wanted to do it still for some reason, I'd say the easiest is to copy it to somewhere else and then put this in your current wp-config.php:

    <?php require('/full/path/to/the/file/whatever.php'); ?>

    Your current path would probably be like /home/account/public_html/wordpress/wp-config.php, so just do like /home/account/whatever.php.

  3. miriams
    Member
    Posted 8 years ago #

    I tried something like that. The path I used was relative, maybe that was my mistake. It worked when was in the same folder as the config script, but I think the problem when I put it below the site root was something to do with pages accessing it from different levels, or else something weird with a require inside a required bit. I don't know that much about PHP. I'll try it again with an absolute path.

    Thanks!

  4. whooami
    Member
    Posted 8 years ago #

    actually, with the path done properly, configuration files do NOT even need to be web accessable, that is to say you can place them above your www_root. php doesnt require they be web acc. just that they be locatable on the box.

  5. miriams
    Member
    Posted 8 years ago #

    Could you explain that more please? Is there a way to make a file definitly not web accessible? I know if I typed in a PHP page I wouldn't see anything, but is there a way to make the page "not web accessible", like with permissions or something?

  6. miriams
    Member
    Posted 8 years ago #

    The new path with the require does seem to work. Thanks!

  7. whooami
    Member
    Posted 8 years ago #

    miriams, yes...

    you can place it anywhere : ie, you could have it in the directory ABOVE your web site.

    php doesnt care, as long as you tell it where to look for the file.

Topic Closed

This topic has been closed to new replies.

About this Topic