Title: Security Last modified: August 20, 2016 --- # Security * [paulhk](https://wordpress.org/support/users/paulhk/) * (@paulhk) * [14 years, 10 months ago](https://wordpress.org/support/topic/security-10/) * Hi, I am new for wordpress 3.1.3. * I found the wp-config.php containing the database name and password, etc. For security, is it possible to rename this file or control the access. I also noted there are many programs to download the whole site for internet. What can I do to protect it? Viewing 4 replies - 1 through 4 (of 4 total) * [Rev. Voodoo](https://wordpress.org/support/users/rvoodoo/) * (@rvoodoo) * [14 years, 10 months ago](https://wordpress.org/support/topic/security-10/#post-2155039) * There are techniques for relocating (and possibly) renaming the file * However security through obscurity is relatively pointless, seems to be the consensus. The fact that your DB info resides in that file is of little consequence if your server is properly configured. * WordPress itself, takes security very seriously. Any exploits that are an issue of the software itself are resolved when discovered. * However, the weakest link is server configuration. Most hacks that involve WP are found to be through weak server configurations, and thus could affect any type of site, not just wordpress. * So the bottom line is, are you running your own server? Or are you hosted by someone? How seriously do they take security? * [http://codex.wordpress.org/Hardening_WordPress](http://codex.wordpress.org/Hardening_WordPress) * Has some useful info for you * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [14 years, 10 months ago](https://wordpress.org/support/topic/security-10/#post-2155169) * > For security, is it possible to rename this file or control the access. * Yes, but … you don’t want to. * Actually, the safest thing you CAN do is to move it: [http://codex.wordpress.org/Hardening_WordPress#Securing_wp-config.php](http://codex.wordpress.org/Hardening_WordPress#Securing_wp-config.php) * Thread Starter [paulhk](https://wordpress.org/support/users/paulhk/) * (@paulhk) * [14 years, 10 months ago](https://wordpress.org/support/topic/security-10/#post-2155208) * Thanks for your helpful information. * I used the hosting services. I will carefully learn that and try to follow the instructions to harden my wordpress blog. * Regarding to move wp-config.php file to the directory above the WordPress install, I still have some questions: * 1) My WordPress files was mainly set on [http://www.domain.com/blog](http://www.domain.com/blog) with the index.php on the root directory. At this moment, the wp-config.php file was placed on the blog folder. Does it mean I can move the wp-config.php file to [http://www.domain.com/blog/configfolder](http://www.domain.com/blog/configfolder) and set to access control 750? Will the WordPresss automatically locate it? Or should I amend the wp-load.php file to add the path? * 2) The Codex mentioned to install the BlogSecurity’s WPIDS plugin (Firewall plugins) to add a generic security layer for PHP application. Is it any other problem found for this plugin? * Thanks. * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [14 years, 10 months ago](https://wordpress.org/support/topic/security-10/#post-2155211) * If you installed WordPress in /blog, you may as well leave wp-config where it is. It SHOULD work in the main folder, but it’s no more secure at that point. Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Security’ is closed to new replies. * In: [Everything else WordPress](https://wordpress.org/support/forum/miscellaneous/) * 4 replies * 3 participants * Last reply from: [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * Last activity: [14 years, 10 months ago](https://wordpress.org/support/topic/security-10/#post-2155211) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics