I am trying to figure out a way to protect the MySQL login credentials in the wp-config.php file from prying eyes. It is protected via the .htaccess file from being read via browsing http://site/wordpress/wp-config.php, but I am concerned with the other users of my ISP being able to read it when they are logged in to a shell server. If I set mode 600 on wp-config.php, then Apache (which is running non-privileged) can't read it. The ISP (Sonic.net) recommends placing sensitive files such as those containing login credentials in another directory, removing world read access and accessing them via PHP in CGI mode.
I'm not sure if I should try to wrap the entire /wordpress directory or if I should try to separate all or part of wp-config.php and wrap it separately. There seem to be quite a few other files that call wp-config.php that I would need to change to the new path if I move it, so that doesn't seem like a good idea for a number of reasons.
If anyone who has set WordPress up to mitigate this vulnerability can clue me in, I'd mightily appreciate it.
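
One way to follow the ISP's suggestion while leaving wp-config.php where the other files expect it, as an added example that is not part of the original post: the file becomes a stub that loads the credentials from a mode-600 file outside the web root. It assumes PHP runs as the account owner (CGI mode), and the path `/home/USERNAME/private/wp-secrets.php` is a hypothetical placeholder.

```php
<?php
// wp-config.php stays in the WordPress directory, so nothing that
// includes it has to change. Only the credentials move.
// Hypothetical placeholder path, outside the web root:
$secrets = '/home/USERNAME/private/wp-secrets.php';

// Stop if the secrets file is missing or this process cannot read it
// (for example, PHP is still running as the shared Apache user).
if (!is_file($secrets) || !is_readable($secrets)) {
    error_log('wp-config: secrets file missing or unreadable');
    http_response_code(500);
    exit('Configuration error.');
}

// Stop if group or other have any permission bits set (expect 0600),
// so a later chmod mistake is noticed instead of silently exposing it.
$mode = fileperms($secrets) & 0777;
if ($mode & 0077) {
    error_log(sprintf('wp-config: %s has mode %04o, expected 0600', $secrets, $mode));
    http_response_code(500);
    exit('Configuration error.');
}

// wp-secrets.php holds only the credential defines:
//   define('DB_NAME', ...);     define('DB_USER', ...);
//   define('DB_PASSWORD', ...); define('DB_HOST', ...);
require $secrets;

$table_prefix = 'wp_';

if (!defined('ABSPATH')) {
    define('ABSPATH', __DIR__ . '/');
}
require_once ABSPATH . 'wp-settings.php';
```

The stub itself can stay world-readable because it no longer contains credentials; the directory holding the secrets file should also deny access to group and other.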