I’m very new to PHP but I’ve been taught that files like wp-config.php which contain database passwords etc. should not be stored in the publicly-accessible directory hierarchy.
If PHP stopped running on my web host, and you tried to run wp-config.php in your browser (and let’s face it, every hacker and his dog knows that all WordPress installations have one) wouldn’t the browser display it as a plain text file?
Should files like that be moved above the public hierarchy and included? That way if PHP disappears, all you’d see of wp-config.php is an
Am I missing something here through my lack of PHP experience or is WP cleverly crafted to avoid this kind of issue?