WordPress.org

Ready to get started?Download WordPress

Forums

Acunetix WP Security
wp-config.php location issue (2 posts)

  1. MuViMoTV
    Member
    Posted 2 months ago #

    Hi,

    I just noticed an issue with your code.

    You are referencing to wp-config.php using the following: ABSPATH.'wp-config.php'; and trailingslashit(ABSPATH).'wp-config.php';

    This is creating issues when that file is not located in the root as allowed by wordpress that file can be one folder up...

    If you look in wordpress core file wp-load.php you can see they are using the following code which is more appropriate: if ( file_exists( ABSPATH . 'wp-config.php') ) {

    /** The config file resides in ABSPATH */
    require_once( ABSPATH . 'wp-config.php' );

    } elseif ( file_exists( dirname(ABSPATH) . '/wp-config.php' ) && ! file_exists( dirname(ABSPATH) . '/wp-settings.php' ) ) {

    /** The config file resides one level above ABSPATH but is not part of another install */
    require_once( dirname(ABSPATH) . '/wp-config.php' );

    }

    Hope you can update you product soon

    Thanks a lot

    https://wordpress.org/plugins/wp-security-scan/

  2. helloanthony
    Member
    Posted 2 months ago #

    Moving the wp-config file up one level is just good security practice. I would also like you to update this.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.