Securing wp-config.php No multisite 2 subdomains

  • agoe312

    (@agoe312)


    9 years, 6 months ago

    Hi There

    I have a main domain with WP 4.0, wp-config.php is in the folder above public_html. I also have a subdomain, but I do not know where to place wp-config.php for security issues. Cannot move it 1 folder above because there is already the wp-config.php from the main domain. I do not want to use a multisite because some plugins do not work together.

    Any idea how I can save the 2 wp-config.php files outside the pubic_html folder for the two different WP’s?

    Looking forward for an answer.

Viewing 1 replies (of 1 total)
  • Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    9 years, 6 months ago

    Not everyone can move wp-config.php outside of the web-root, and some would argue that the benefits aren’t even worth it: http://wordpress.stackexchange.com/questions/58391/is-moving-wp-config-outside-the-web-root-really-beneficial

    Personally, I don’t see much value in it. The wp-config.php file is either in the web-root, or one directory above. If someone did break in via FTP, there’s now two places for them to look, which really doesn’t help you much at all. It’s like telling someone your house is secure because the front door key is either under the door mat or in the flower pot, so now they simply know to look in two places instead of just one.

    Basically, all of that to say that it’s really not worth moving, especially since you’re running into trouble with that.

    You can further protect wp-config.php by changing the permissions of the file to 400 or 440 (whichever one doesn’t break WordPress under your server configuration, preferably the lowest), and adding this to the .htaccess file in the same directory as the wp-config.php file:

    <files wp-config.php>
order allow,deny
deny from all
</files>

    Also, we have a few other security recommendations which you might be interested in: https://codex.wordpress.org/Hardening_WordPress

Viewing 1 replies (of 1 total)
  • The topic ‘Securing wp-config.php No multisite 2 subdomains’ is closed to new replies.