Title: a different modify headers problem
Last modified: August 18, 2016

---

# a different modify headers problem

 *  Anonymous
 * [21 years, 10 months ago](https://wordpress.org/support/topic/a-different-modify-headers-problem/)
 * Don’t you hate it when you think you know what you’re doing, and find out you
   don’t?
    I’m having a problem that is different from the one found on the faq 
   regarding the “cannot modify headers” problem… at least, I THINK it’s different…
   I don’t like having my database password “hanging out” on the web. I got WordPress
   working the “regular” way, then edited the config file to put the database information(
   the “define” statements) in an include file which is stored outside of the web
   root. I then invoked the include file in the config file, just above the defs
   for the server/host/user etc. variables. Now, no matter what I do, I get this
   warning Warning: Cannot modify header information – headers already sent by (
   output started at `em` my root directory`/em`/blog_info/wf_db.inc.php:9) in`em`
   various files apparently trying to change the headers, including`em`wp-login.
   php -after clearing my cookies. BUT! Whatever I’ve done (edit, added comment,
   etc) actually DOES get done. It just takes me to the warning screen instead of
   returning me to the post or blog screen (or whatever screen the action is supposed
   to return me to). So, I”m thinking it’s something about having to invoke the 
   include file outside the web root that’s causing the problem. But I can’t find
   a line in any of the login, post, edit, whatever files that invokes anything 
   OTHER than the config file, so it shouldn’t be WANTING to modify the headers,
   right? Anybody got any ideas? (Don’t know if I can post this anonymously – and
   I didn’t think to register before starting the post… if it posts anyway, hi, 
   my name is Karen, and I aspire to geekhood – but I’m (obviously) not there yet.)

Viewing 9 replies - 1 through 9 (of 9 total)

 *  Thread Starter Anonymous
 * [21 years, 10 months ago](https://wordpress.org/support/topic/a-different-modify-headers-problem/#post-80621)
 * Ok, obviously I screwed up the em tags… sorry ’bout that. They were supposed 
   to set off the stuff that isn’t actually part of the warning message.
    (oh, yeah,
   it’s me again)
 *  [Mark (podz)](https://wordpress.org/support/users/podz/)
 * (@podz)
 * [21 years, 10 months ago](https://wordpress.org/support/topic/a-different-modify-headers-problem/#post-80623)
 * Your database password isn’t “hanging out”.
    Find a wordpress site, then go to
   their wp-config file. You will see nothing at all. The PHP is executed by the
   server, and not sent to the browser. It never gets to the viewer’s machine. It’s
   secure.
 *  Thread Starter Anonymous
 * [21 years, 10 months ago](https://wordpress.org/support/topic/a-different-modify-headers-problem/#post-80625)
 * Are you saying that there’s NO WAY for a hacker to somehow see the contents of
   a php script that’s on the web? I thought there’s be some way for somebody smarter
   than me to see it…
 *  [Mark (podz)](https://wordpress.org/support/users/podz/)
 * (@podz)
 * [21 years, 10 months ago](https://wordpress.org/support/topic/a-different-modify-headers-problem/#post-80627)
 * I don’t know enough about php and what hacker tools are around, but I can tell
   you that in the last 7 months, during which time WP use has expanded a fair bit,
   that no-one has posted to say they were hacked and that the cause was wp-config.
   
   In my experience, stuff like phpBB and miniBB (this forum is miniBB) also have
   their database info held in files (it’s needed every single time the site is 
   viewed) and they too have not had this issue – I would imagine it would be noted
   as important news. I also cannot see that the devs would not have considered 
   what they were doing in this respect, and given that WP evolved from b2, if there*
   had* been a problem, it would have been changed. Guarantees ? There aren’t any
   on the net, but given the installed userbase, you are safe 🙂
 *  Thread Starter Anonymous
 * [21 years, 10 months ago](https://wordpress.org/support/topic/a-different-modify-headers-problem/#post-80628)
 * Ok… I also think I”ll ask this question at my ISP’s boards. There are a LOT of“
   security geeks” there. If they say anything diffrent, I’ll come back and let 
   y’all know!
 *  [Mark (podz)](https://wordpress.org/support/users/podz/)
 * (@podz)
 * [21 years, 10 months ago](https://wordpress.org/support/topic/a-different-modify-headers-problem/#post-80631)
 * There are a fair few ‘geeks’ around here too !
 *  [karenjg](https://wordpress.org/support/users/karenjg/)
 * (@karenjg)
 * [21 years, 10 months ago](https://wordpress.org/support/topic/a-different-modify-headers-problem/#post-80633)
 * I know, but it was on the ISP board that I first got the idea that it was a problem
   to have the passwords “out” in the web-accessible part of my site. Hopefully,
   whoever gave that impression can either refresh my memory, or tell me I misunderstood
   what he/she/it was saying.
 *  [karenjg](https://wordpress.org/support/users/karenjg/)
 * (@karenjg)
 * [21 years, 10 months ago](https://wordpress.org/support/topic/a-different-modify-headers-problem/#post-80639)
 * ACK! It was an extra line at the front of the include file! Since it’s working,
   I’m just gonna leave it now. But I’d still like to know if a hacker could ever
   actually SEE the php script on a page. It’s just curiosity, now. But still.
 *  [karenjg](https://wordpress.org/support/users/karenjg/)
 * (@karenjg)
 * [21 years, 10 months ago](https://wordpress.org/support/topic/a-different-modify-headers-problem/#post-80640)
 * OK, one last post on the subject, just to share the info… apparently if the server
   the page is on doesn’t “recognize” the .php extention as something that is supposed
   to be processed by php, the text of the page (the actual script) COULD appear.
   Not likely, unless it’s a personal server, because most web hosting services 
   would never make such a stupid mistake. Still, according to one of the security
   gurus on pair.com, putting the database password outside of the web tree is a
   good idea just on general principle that the less ‘sensitive” information accessible
   on the web, the better.
    YMMV! But it was pretty easy to do, once I figured out
   what the problem was, and I’ll be happy to explain how if anybody who wants me
   to.

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘a different modify headers problem’ is closed to new replies.

 * In: [Installing WordPress](https://wordpress.org/support/forum/installation/)
 * 9 replies
 * 3 participants
 * Last reply from: [karenjg](https://wordpress.org/support/users/karenjg/)
 * Last activity: [21 years, 10 months ago](https://wordpress.org/support/topic/a-different-modify-headers-problem/#post-80640)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics