Support » Fixing WordPress » Where should wp-config.php be?

  • Resolved StoneChopper


    After found being hacked, I deleted some php documents that are secretly put in my website. Here comes 2 questions.

    1. However, I find two wp-config.php,one is in the main file; the other is in the admin file. Should I Keep them both? or delete one? If delete, which one?
    2. I also find a install.php in the main file. Should I delete it?

    Please help!
    Many thanks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • wp-config. should be in the folder that has your wp-admin, wp-content, wp-includes folders,etc. Download a copy of WordPress and look at it…..

    Drew Jaynes


    WordPress Core Developer

    Hi StoneChopper,

    Actually, I’d suggest backing up both copies of wp-config.php then moving the correct one (based on your database credentials) into your site’s root folder. You’ll want to make sure there’s no janky looking code at the top of the file left over from the hack. The reason I suggest backing them both up is in case one or the other isn’t real, then you have both.

    It’s also possible to generally store your wp-config.php file outside your site’s root folder, and you can read more about it in the Hardening WordPress Codex article.

    Best of luck!

    Hi, AndyImages
    Thank you very much for your reply. That is what I am thinking an doing, but very confused of the other one.

    Hi, Drew Jaynes
    Thank you so much for the informative reply.
    Yes, I backed up one and kept the other one in the root folder. I compared the two, only find out the secret keys are different. So I updated the key.
    I will read your suggested article. I ‘ve learned a lot recently from people like you.
    Thanks again.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Where should wp-config.php be?’ is closed to new replies.