WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Do you remove Installer and Config files after installation? (6 posts)

  1. nicksguide
    Member
    Posted 6 years ago #

    Hi,
    I just installed Word Press on my site nicksguide.com
    This is the first time I'm using WordPress and so far I have felt its awesome ... no no ... AWESOME! software.
    I just needed to know if after installation there is anything we need to do.
    Do we delete the install.php file or do we change permissions to wp-config.php file.
    Please suggest what we need to do.
    Thanks guys,
    Nick.

  2. Jeremy Clark
    Moderator
    Posted 6 years ago #

    Here is some basic security guidelines.
    http://codex.wordpress.org/Hardening_WordPress

  3. nicksguide
    Member
    Posted 6 years ago #

    Thanks,
    That completely answers my question.
    You got 5 stars from me for your reply and help :)
    Regards,
    Nick.

  4. shane10101
    Member
    Posted 6 years ago #

    Definitely some good advise there, but I'm still wondering whether there's any reason to leave files like /wp-config.php, /wp-admin/install.php, and /wp-admin/upgrade.php on the server once the initial install is complete?

    I can imagine that, even with write access disabled, if someone could manage to read the php code in wp-config, that would be bad.

    Thanks!

    Shane

  5. whooami
    Member
    Posted 6 years ago #

    umm, well since your posts and pages are stored in a mysql database, and since the connection info for MySQL is stored inside your wp-config.php, you cannot delete that.

    you can and should delete install.php and upgrade.php

    fwiw, the only way your wp-config.php will be ever read as plain text in a browser session is if the php interpreter goes nuts up, or, for some reason, someone makes a bad edit to the httpd.conf, and perhaps comments out the include php.conf file (apache 2.x) -- I mention that, because Ive actually done it.

    you can move the sensitive bits in your wp-config.php to another file though that is outside of any web accessible directory though, if that really worries you.

  6. shane10101
    Member
    Posted 6 years ago #

    Thanks, whooami. I'm not going to go crazy w/ the security stuff -- moving wp-config file to a non-web-accessible directory might be worth the trouble, but I'd have to look into it.

    My concern was what you mentioned -- that I'd screw up something & the contents of wp-config would be displayed for all the world to see. (Kind'a freaked me out the first time I made a mistake in php and - oops -- there's my code, right there in the browser!)

    Thanks for the info on install & upgrade. I'll put upgrade back next time it's needed, & delete install now.

Topic Closed

This topic has been closed to new replies.

About this Topic