I just installed WordPress with the 5 minute quick install and was wondering about the logic of leaving the config file in a public directory.
It seems that this would be a pretty big security risk since it contains the database password. Most scripts either park this above the public root or just use the config file to pass the parameters then erase it.
Or is there something I’m overlooking with this?
- The topic ‘Security of config file information’ is closed to new replies.