WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Not use DEFINE for db information? (6 posts)

  1. billsaysthis
    Member
    Posted 8 years ago #

    Is it possible to rewrite wp-config to not leave the information as plain text in a well-known file/location? This seems like an unnecessary security hole. Searching the codex and here doesn't turn up any past discussion though apologies in advance if I missed it.

  2. Michael Adams (mdawaffe)
    Member
    Posted 8 years ago #

    I'd suggest reading through the (many) comments about (more or less) this issue from the wp-hackers mailing list:
    http://comox.textdrive.com/pipermail/wp-hackers/2005-April/thread.html

    Search that page for "Security Vulnerability found", and you'll find some pertinent information. Note the threading on that site is not perfect; the issue is spread over a couple different threads.

    I'm not trying to sidestep your question or to turn you away. I'm just pointing out some background. (And no apologies necessary).

    EDIT: There was a forum post about the specific (so-called) threat that wp-hackers list thread talks about. http://wordpress.org/support/topic.php?id=30721

  3. Kafkaesqui

    Posted 8 years ago #

    At least one mention of the topic I'm aware of here:

    http://wordpress.org/support/topic.php?id=16288

    If you're that concerned, you could certainly rename/move the config file, but you'll need to inform WordPress about it, which would involve editing quite a few files in the main and 'wp-admin/' directories.

  4. vkaryl
    Member
    Posted 8 years ago #

    A modicum of protection: install WP in a subfolder named whatever you want the blog name to be (as in P O V, Whispers, Talespinner - the ones I have active at the moment). That's one more minor layer of obfuscation between the greebs and wp-config.php.

  5. billsaysthis
    Member
    Posted 8 years ago #

    Sorry, I wasn't even aware of the wp-hackers mailing list and am now highly amused that I posted this question just days after such a huge thread on the topic. Try not to be such a noob but what does it get you anyway ;)

  6. Michael Adams (mdawaffe)
    Member
    Posted 8 years ago #

    No worries :)

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags