• Resolved billsaysthis

    (@billsaysthis)


    Is it possible to rewrite wp-config to not leave the information as plain text in a well-known file/location? This seems like an unnecessary security hole. Searching the codex and here doesn’t turn up any past discussion, though apologies in advance if I missed it.

Viewing 5 replies - 1 through 5 (of 5 total)
  • I’d suggest reading through the (many) comments about (more or less) this issue from the wp-hackers mailing list:
    http://comox.textdrive.com/pipermail/wp-hackers/2005-April/thread.html

    Search that page for “Security Vulnerability found”, and you’ll find some pertinent information. Note the threading on that site is not perfect; the issue is spread over a couple different threads.

    I’m not trying to sidestep your question or to turn you away. I’m just pointing out some background. (And no apologies necessary).

    EDIT: There was a forum post about the specific (so-called) threat that wp-hackers list thread talks about. http://wordpress.org/support/topic.php?id=30721

    Kafkaesqui

    (@kafkaesqui)

    At least one mention of the topic I’m aware of here:

    http://wordpress.org/support/topic.php?id=16288

    If you’re that concerned, you could certainly rename/move the config file, but you’ll need to inform WordPress about it, which would involve editing quite a few files in the main and ‘wp-admin/’ directories.

    vkaryl

    (@vkaryl)

    A modicum of protection: install WP in a subfolder named whatever you want the blog name to be (as in P O V, Whispers, Talespinner – the ones I have active at the moment). That’s one more minor layer of obfuscation between the greebs and wp-config.php.

    Thread Starter billsaysthis

    (@billsaysthis)

    Sorry, I wasn’t even aware of the wp-hackers mailing list and am now highly amused that I posted this question just days after such a huge thread on the topic. Try not to be such a noob but what does it get you anyway 😉

    No worries :)

  • The topic ‘Not use DEFINE for db information?’ is closed to new replies.