There are techniques for relocating (and possibly) renaming the file
However security through obscurity is relatively pointless, seems to be the consensus. The fact that your DB info resides in that file is of little consequence if your server is properly configured.
WordPress itself, takes security very seriously. Any exploits that are an issue of the software itself are resolved when discovered.
However, the weakest link is server configuration. Most hacks that involve WP are found to be through weak server configurations, and thus could affect any type of site, not just wordpress.
So the bottom line is, are you running your own server? Or are you hosted by someone? How seriously do they take security?
http://codex.wordpress.org/Hardening_WordPress
Has some useful info for you
For security, is it possible to rename this file or control the access.
Yes, but … you don’t want to.
Actually, the safest thing you CAN do is to move it: http://codex.wordpress.org/Hardening_WordPress#Securing_wp-config.php
Thread Starter
paulhk
(@paulhk)
Thanks for your helpful information.
I used the hosting services. I will carefully learn that and try to follow the instructions to harden my wordpress blog.
Regarding to move wp-config.php file to the directory above the WordPress install, I still have some questions:
1) My WordPress files was mainly set on http://www.domain.com/blog with the index.php on the root directory. At this moment, the wp-config.php file was placed on the blog folder. Does it mean I can move the wp-config.php file to http://www.domain.com/blog/configfolder and set to access control 750? Will the WordPresss automatically locate it? Or should I amend the wp-load.php file to add the path?
2) The Codex mentioned to install the BlogSecurity’s WPIDS plugin (Firewall plugins) to add a generic security layer for PHP application. Is it any other problem found for this plugin?
Thanks.
If you installed WordPress in /blog, you may as well leave wp-config where it is. It SHOULD work in the main folder, but it’s no more secure at that point.
