I just got a notice from my host telling that wp-config.php is readable and changed username and password of the mysql.
(I attached the some of text below)
What is the best chmod for wp-config.php?
During a routine review of security issues on our customers webhotels on our web servers, we have found that you have set the file permissions to the configuration file
in a way that makes the file readable for all. This file contains the
username and password of the mysql database of your webhotel. Configuration files that contains username and password should for security reasons not be readable for others.