I would like to put the config script, with all the passwords to my web site, in a more secure location. I have heard that one should put connection scripts below the site root or in a cgi folder. I would like to put mine below the root probably. Someone else on a forum already said, "oh it's perfectly secure" but I'm a worrier, and it seems like anyone who has WordPress would know exactly where to find the config script and what it was called unless I change it. There must be a simple way to change the urls to the page, or to do a require for the password stuff which is in another page, but so far I have only gotten the require to work when the other page is in the same folder. I'm a beginner at PHP. Has someone already done something like this and can explain how to do it?