Sensitive info visible in wp-config.php (4 posts)

  1. faisalm
    Posted 12 years ago #

    Currently my wp-config.php file is readable by the world, and it contains my db name, db user name and db password. I tried changing the permissions to 640, but I encountered access issues with WordPress then, so it appears that this file needs to be world readable. Is there a way to not show this info to anyone who wishes to view it?

  2. Nick Momrik
    Posted 12 years ago #

    I have mine set to 600 and have never had a problem.

  3. Matt Mullenweg
    Posted 12 years ago #

    This is not an issue with WordPress, this is an issue with how your web server is set up. If this concerns you then contact your systems administrator.

  4. MisterX
    Posted 12 years ago #

    I have mine set w/ 644 Is that a potential security issue?

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.