Title: protecting wp-config with WordPress below documentRoot
Last modified: August 30, 2016

---

# protecting wp-config with WordPress below documentRoot

 *  [bmrzmr2](https://wordpress.org/support/users/bmrzmr2/)
 * (@bmrzmr2)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/protecting-wp-config-with-wordpress-below-documentroot/)
 * Very new to WordPress so bear with me.
 * I have an existing website who’s content, some of which I want to remain to remain
   active but not migrate to WP, and some will I will move. Why not all…. some uses
   Java Applets and on the server and haven’t found plugins that work and others
   are “historical” pages that are interesting but not worth rewriting in WP.
 * I want WP to be the initial access point for viewers and users with http links
   in WP pages/posts to the “historical’ side. So mine initial layout is:
 *     ```
       public_html (documentRoot)
            .htaccess
             web (historical pages)
             web2 (wordpress)
       ```
   
 * I have written a .htaccess with tRewrite rules to push [http://mysite.com](http://mysite.com)
   to web2/index.php.
 * What is the best way to protect wp-config.php?
 * Moving it to one directory up from web2 is no better than leaving it in web2?
 * If I move it to public_html, I can add a Rewrite for wp-config.php either to 
   deny access or to web2/index.php
 * Can easily chmod 600.
 * Anything better or stronger or problems doing it this way?
 * Thanks in advance

Viewing 1 replies (of 1 total)

 *  [leejosepho](https://wordpress.org/support/users/leejosepho/)
 * (@leejosepho)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/protecting-wp-config-with-wordpress-below-documentroot/#post-6223800)
 * Obscurity and security are not the same thing, so I use BulletProof Security 
   and set the wp-config permissions to 0400.

Viewing 1 replies (of 1 total)

The topic ‘protecting wp-config with WordPress below documentRoot’ is closed to 
new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 1 reply
 * 2 participants
 * Last reply from: [leejosepho](https://wordpress.org/support/users/leejosepho/)
 * Last activity: [10 years, 11 months ago](https://wordpress.org/support/topic/protecting-wp-config-with-wordpress-below-documentroot/#post-6223800)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics