WordPress.org

Ready to get started?Download WordPress

Forums

wp-config , ummm...just me or a huge security risk? (2 posts)

  1. shackrock
    Member
    Posted 7 years ago #

    Is it just me, or is having the password of your mySQL WP database right in a file that EVERYONE knows about not a bad thing? ...anyone care to explain to me why this is (security-wise) ok?

    Thanks!

  2. Doodlebee
    Member
    Posted 7 years ago #

    Maybe everyone knows it's there, but it's only a security risk if the server settings are such that someone actually has access to it. It's a PHP file that set to not display anything through the browser (try it - it's a blank page - even in the source code). The only other way someone could get it is if they downloaded the file from your server. The only way they could do that is if your *server* settings are compromised.

    If you're truly that worried about it, place the file outside your public_html and link it in. 'course, that may take some doing...

Topic Closed

This topic has been closed to new replies.

About this Topic