Support » Requests and Feedback » different place for config script

  • Resolved miriams


    I would like to put the config script, with all the passwords to my web site, in a more secure location. I have heard that one should put connection scripts below the site root or in a cgi folder. I would like to put mine below the root probably. Someone else on a forum already said, “oh it’s perfectly secure” but I’m a worrier, and it seems like anyone who has WordPress would know exactly where to find the config script and what it was called unless I change it. There must be a simple way to change the urls to the page, or to do a require for the password stuff which is in another page, but so far I have only gotten the require to work when the other page is in the same folder. I’m a beginner at PHP. Has someone already done something like this and can explain how to do it?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Here’s my config file:

    You’re welcome to steal all of my passwords and stuff out of it. 🙂

    But seriously, there’s no way to see the contents of that file or any other PHP file for that matter from a browser. I think you’re just worrying too much. 🙂

    But if you REALLY wanted to do it still for some reason, I’d say the easiest is to copy it to somewhere else and then put this in your current wp-config.php:

    <?php require('/full/path/to/the/file/whatever.php'); ?>

    Your current path would probably be like /home/account/public_html/wordpress/wp-config.php, so just do like /home/account/whatever.php.

    I tried something like that. The path I used was relative, maybe that was my mistake. It worked when was in the same folder as the config script, but I think the problem when I put it below the site root was something to do with pages accessing it from different levels, or else something weird with a require inside a required bit. I don’t know that much about PHP. I’ll try it again with an absolute path.





    actually, with the path done properly, configuration files do NOT even need to be web accessable, that is to say you can place them above your www_root. php doesnt require they be web acc. just that they be locatable on the box.

    Could you explain that more please? Is there a way to make a file definitly not web accessible? I know if I typed in a PHP page I wouldn’t see anything, but is there a way to make the page “not web accessible”, like with permissions or something?

    The new path with the require does seem to work. Thanks!




    miriams, yes…

    you can place it anywhere : ie, you could have it in the directory ABOVE your web site.

    php doesnt care, as long as you tell it where to look for the file.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘different place for config script’ is closed to new replies.