Title: Access WP-Config.php Credentials
Last modified: October 11, 2017

---

# Access WP-Config.php Credentials

 *  Resolved [DuckSportsFan](https://wordpress.org/support/users/ducksportsfan/)
 * (@ducksportsfan)
 * [8 years, 7 months ago](https://wordpress.org/support/topic/access-wp-config-php-credentials/)
 * Update suggestion: I happen to store all my WP credentials in a file outside 
   my public_html directory…to provider greater security… I call this file from 
   the wp-config.php file, to load php variables for the credentials. For example,
 * require( dirname( __FILE__ ) . ‘../../../.PFF/files.conf’ );
    /** The name of
   the database for WordPress */ define(‘DB_NAME’, $ep); /** MySQL database username*/
   define(‘DB_USER’, $user); /** MySQL database password */ define(‘DB_PASSWORD’,
   $pswd); /** MySQL hostname */ /*define(‘DB_HOST’, ‘localhost’);*/ define(‘DB_HOST’,
   $host); /*WordPress Database Table prefix. $table_prefix = $ep_pre;
 * It would be nice if you could address this method, and perhaps provide fields
   for us to define each credential with a variable name, so you can read them, 
   and advise us to use them for this purpose if we are utilizing this method.
 * The reason I do this, primarily, is because I have 12+ web sites I manage, and
   it’s very easy to manage admin credentials from just one file. I know you understand
   the concept. I hope this turn a light on for ya! Thank you for an excellent WP
   plugin!
    -  This topic was modified 8 years, 7 months ago by [DuckSportsFan](https://wordpress.org/support/users/ducksportsfan/).
 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Faccess-wp-config-php-credentials%2F%3Foutput_format%3Dmd&locale=en_US)
   to see the link]_

Viewing 7 replies - 1 through 7 (of 7 total)

 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [8 years, 7 months ago](https://wordpress.org/support/topic/access-wp-config-php-credentials/#post-9579234)
 * Hi,
 * You can do that with the help of the NinjaFirewall undocumented `$wp_config` 
   variable. But you will need to make a small adjustment to your code:
 * 1. You must add to your “files.conf” the following 5 directives (replace X’s 
   with the proper values):
 *     ```
       <?php
       define('DB_NAME', 'xxxx');
       define('DB_USER', 'xxxx');
       define('DB_PASSWORD', 'xxxx');
       define('DB_HOST', 'x.x.x.x');
       $table_prefix  = 'xx_';
       ```
   
 * 2. In the “wp-config.php” file from each blog, comment them out.
 * 3. Add the `require( dirname( __FILE__ ) . ‘../../../.PFF/files.conf’ );` to 
   each “wp-conf.php” file. FYI, you can use `__DIR__` instead of `dirname( __FILE__)`
   which is a bit faster 😉
 * 4. Create a [“.htninja” file](https://nintechnet.com/ninjafirewall/wp-edition/help/?htninja)
   for each blog, and add the following code:
 *     ```
       <?php
       /*
        +===================================================================+
        | NinjaFirewall optional configuration file                         |
        |                                                                   |
        | See: https://nintechnet.com/ninjafirewall/wp-edition/help/?htninja|
        +===================================================================+
       */
   
       $wp_config = '/full/path/to/files.conf'; 
       ```
   
 * NinjaFirewall will notice the “$wp_config” variable and will use it instead of
   the “wp-config.php”.
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [8 years, 7 months ago](https://wordpress.org/support/topic/access-wp-config-php-credentials/#post-9579256)
 * I’m thinking that that will load the same DB credentials and prefix for each 
   blog, which is not good obviously.
 * You will need to make small changes to my previous code. For instance:
 * 1. In the “wp-config.php” for “domain01.com” you could have:
 *     ```
       require( dirname( __FILE__ ) . ‘../../../.PFF/files.conf’ ):
       load_credentials("domain01.com");
       ```
   
 * 2. In your “files.conf”:
 *     ```
       <?php
   
       function load_credentials( $domain ) {
   
          global $table_prefix; // Important!
   
          if ( $domain == "domain01.com" ) {
   
             // domain01.com credentials: 
             define('DB_NAME', 'xxxx');
             define('DB_USER', 'xxxx');
             define('DB_PASSWORD', 'xxxx');
             define('DB_HOST', 'x.x.x.x');
             $table_prefix  = 'xx_';
   
          } elseif ( $domain == "domain02.com" ) {
   
             // domain02.com credentials:
             define('DB_NAME', 'xxxx');
             define('DB_USER', 'xxxx');
             define('DB_PASSWORD', 'xxxx');
             define('DB_HOST', 'x.x.x.x');
             $table_prefix  = 'xx_';
   
          } elseif ( $domain == "domain03.com" ) {
   
             // domain03.com credentials:
             ...
             ...
          }
       }
       ```
   
    -  This reply was modified 8 years, 7 months ago by [nintechnet](https://wordpress.org/support/users/nintechnet/).
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [8 years, 7 months ago](https://wordpress.org/support/topic/access-wp-config-php-credentials/#post-9579649)
 * Forget my second post, it won’t work if you are running NinjaFirewall in “Full
   WAF” mode!
 *  Thread Starter [DuckSportsFan](https://wordpress.org/support/users/ducksportsfan/)
 * (@ducksportsfan)
 * [8 years, 7 months ago](https://wordpress.org/support/topic/access-wp-config-php-credentials/#post-9582015)
 * Thanks! Yes, like I said, I maintain multiple web sites… I gues a simple solution
   would be to create separate “XX_files.conf” files for each domain…at least they’d
   be all in one spot to modify. Here’s an example of my “fies.conf” contents:
 *     ```
       <?
       /** set timezone for server */
       date_default_timezone_set('America/Los_Angeles');
   
       /** vars for server */
       $path = "/home/xxxcom/public_html";
   
       /** vars for database credentials */
       $host	 		= "localhost";
       $user 			= "xxxx";
       $pswd 			= "xxxx";
   
       /** vars for MySQL databases */
       $ep		 	= "xxxx_estateplanningmap";
       $rea	 		= "xxxx_reagentmap";
       $pro	 		= "xxxx_theseminarpros";
       $ref	 		= "xxxx_refractivemap";
       $scheduler		= "xxxx_kdunnscheduler";
       $calendar		= "xxxx_kdunncalendar";
   
       /** vars for database table prefixes  */
       $ep_pre 		= "wp_xxxx_";
       $rea_pre 		= "wp_xxxx_";
       $aaoapa_pre 		= "wp_xxxx_";
   
       ?>
       ```
   
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [8 years, 7 months ago](https://wordpress.org/support/topic/access-wp-config-php-credentials/#post-9584645)
 * The problem is that NinjaFirewall does not load the “wp-config.php” (it can’t
   otherwise that would load WordPress as well), hence it reads it line by line 
   and looks for “define(‘DB_NAME’, ‘xxx’);” etc to get the DB credentials.
 * The simplest solution is as per my first example, but using one configuration
   file per site and having the “$wp_config” pointing to the corresponding one. 
   Somehow, it is also a bit safer because right now, all your DB credentials are
   accessible from one site i.e., the whole file is loaded and it includes all DBs
   password.
 *  Thread Starter [DuckSportsFan](https://wordpress.org/support/users/ducksportsfan/)
 * (@ducksportsfan)
 * [8 years, 7 months ago](https://wordpress.org/support/topic/access-wp-config-php-credentials/#post-9584899)
 * Yes, I use only one database password for all sites. I change the random 13 alpha-
   numeric string every year…so my setup makes it easy. Oh, by the way, I have one
   main domain on bluehost and all other domains are “addon” domains, which each
   domain root resides as a directory in the root of the main domain… So my hidden
   config file is accessible to all my domains.
 * With your first suggestion, I’ll have to create a separate “hidden” config file,
   which is doable, and easier than maneuvering around to each directory for my 
   domains when I want to change the password.
 * Thanks for your help with this issue.
 *  [lucabarelli](https://wordpress.org/support/users/lucabarelli/)
 * (@lucabarelli)
 * [8 years, 7 months ago](https://wordpress.org/support/topic/access-wp-config-php-credentials/#post-9594195)
 * [@nintechnet](https://wordpress.org/support/users/nintechnet/) [@ducksportsfan](https://wordpress.org/support/users/ducksportsfan/)
   
   Great job!

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Access WP-Config.php Credentials’ is closed to new replies.

 * ![](https://ps.w.org/ninjafirewall/assets/icon-256x256.png?rev=976137)
 * [NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall](https://wordpress.org/plugins/ninjafirewall/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/ninjafirewall/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/ninjafirewall/)
 * [Active Topics](https://wordpress.org/support/plugin/ninjafirewall/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/ninjafirewall/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/ninjafirewall/reviews/)

 * 7 replies
 * 3 participants
 * Last reply from: [lucabarelli](https://wordpress.org/support/users/lucabarelli/)
 * Last activity: [8 years, 7 months ago](https://wordpress.org/support/topic/access-wp-config-php-credentials/#post-9594195)
 * Status: resolved