WordPress.org

Ready to get started?Download WordPress

Forums

password in wp-config.php (17 posts)

  1. citeewurkor
    Member
    Posted 9 years ago #

    hi,
    so I was amazed that it really took me only five minutes to install WP. Question, though:
    my database password is located in wp-config.php.
    Is that secure?
    I mean, I put the path to my wp-config.php in my web browser, and came up with a blank page, but would it be possible for someone to hack into this and steal my db password?

  2. No one will see the information inside your wp-config.php file unless they have FTP access to your files.

  3. citeewurkor
    Member
    Posted 9 years ago #

    Thanks! That's what I needed to know!

  4. Anonymous
    Unregistered
    Posted 9 years ago #

    Hi!
    The sistem don't reconozid the password and it is good!!! What Can I do??

  5. Mark (podz)
    Support Maven
    Posted 9 years ago #

    Which password ?

  6. Anonymous
    Unregistered
    Posted 9 years ago #

    Sorry.
    I put this in the browser: http://mypage.com/wp-admin/install.php and and salt this error: Parse error: parse error, unexpected T_STRING in /home/virtual/sitio24900/www/wp-config.php on line 25
    The line 25 is the password of the wp-config.php but my password isn't wrong!
    What happens?

  7. Mark (podz)
    Support Maven
    Posted 9 years ago #

    Check that line carefully.
    You've missed something like a ' or : or ) or ;

  8. Anonymous
    Unregistered
    Posted 9 years ago #

    i got this after installation and the move to the adimn log-in.
    Parse error: parse error, unexpected T_STRING, expecting ',' or ';' in /homepages/43/d86796165/htdocs/wordpress/wp-admin/post.php on line 1045
    what "or"ß
    hell, I don't know anything about php

  9. Mark (podz)
    Support Maven
    Posted 9 years ago #

    I would delete 'post.php' and reupload it.
    Could be an ftp error.

  10. Anonymous
    Unregistered
    Posted 9 years ago #

    thanx
    OK I'll try that.
    sorry for my "anonymous" and my bad english.
    I'm in too much forum discussions and I WANT to get wordpress runnning.

  11. Anonymous
    Unregistered
    Posted 9 years ago #

    YES, yes,yes!!
    that worked.
    thank you very much indeed....
    and now I'm gonna find out what to do with it and how to at an fantastic sytle to my blog :))
    markus

  12. Anonymous
    Unregistered
    Posted 9 years ago #

    .. and maybe one day I'll learn to type tings more correctly...
    add a new style...
    markus

  13. Anonymous
    Unregistered
    Posted 9 years ago #

    arrghh
    m.

  14. sicro
    Member
    Posted 9 years ago #

    ...bump...

    Before "anonymous" rushed in, there was an interesting thread going:

    wp-config.php and security

    I am aware that under *normal* circumstances the wp-config.php wouldn't display in the browser, but what happens if someone manages to find a loophole elsewhere to display the contents of the file. Passwords in clear text on a webserver, doesn't sound like a good idea.

    Since WP is now seeing a proliferation in usage through the promotion by large webhosting companies (Lycos just to name one), it would be the right time to think about security again and to see if there is room for improvement.
    On the other hand I guess, large webhosting providers wouldn't encourage the use of WP on their servers if it wasn't safe - but better is always the enemy of good. Is good, good enough?

  15. The "loop hole" would have to be in PHP itself, not WordPress, as this is the default behavior of PHP. Such PHP holes are usually plugged rather quickly.

  16. adeydas
    Member
    Posted 9 years ago #

    Enabling the exec() command in PHP can be one big loop hole. Is it not possible to put the password in some encoded form on a completely separate file?!

  17. citeewurkor
    Member
    Posted 8 years ago #

    I was reading through some of my old posts and ran into this one again (my first post here!) and was wondering if anyone had ever come up with a way to encrypt the database password in wp-config.php ?? I understand that it's quite secure the way it is, but I remember specifically while using another blogging platform a few years ago, that the database password was encrypted. Sorry, I only used it for like a day, and can't remember which platform it was.
    Any thoughts?

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.