protecting wp-config with WordPress below documentRoot | WordPress.org

bmrzmr2
(@bmrzmr2)

10 years, 11 months ago
Very new to WordPress so bear with me.

I have an existing website who’s content, some of which I want to remain to remain active but not migrate to WP, and some will I will move. Why not all…. some uses Java Applets and on the server and haven’t found plugins that work and others are “historical” pages that are interesting but not worth rewriting in WP.

I want WP to be the initial access point for viewers and users with http links in WP pages/posts to the “historical’ side. So mine initial layout is:
```
public_html (documentRoot)
     .htaccess
      web (historical pages)
      web2 (wordpress)
```
I have written a .htaccess with tRewrite rules to push http://mysite.com to web2/index.php.

What is the best way to protect wp-config.php?

Moving it to one directory up from web2 is no better than leaving it in web2?

If I move it to public_html, I can add a Rewrite for wp-config.php either to deny access or to web2/index.php

Can easily chmod 600.

Anything better or stronger or problems doing it this way?

Thanks in advance

Viewing 1 replies (of 1 total)

leejosepho
(@leejosepho)

10 years, 11 months ago

Obscurity and security are not the same thing, so I use BulletProof Security and set the wp-config permissions to 0400.

Viewing 1 replies (of 1 total)

The topic ‘protecting wp-config with WordPress below documentRoot’ is closed to new replies.

In: Fixing WordPress
1 reply
2 participants
Last reply from: leejosepho
Last activity: 10 years, 11 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics