wp-config , ummm…just me or a huge security risk? | WordPress.org

shackrock
(@shackrock)

17 years, 1 month ago

Is it just me, or is having the password of your mySQL WP database right in a file that EVERYONE knows about not a bad thing? …anyone care to explain to me why this is (security-wise) ok?

Thanks!

Viewing 1 replies (of 1 total)

Doodlebee
(@doodlebee)

17 years, 1 month ago

Maybe everyone knows it’s there, but it’s only a security risk if the server settings are such that someone actually has access to it. It’s a PHP file that set to not display anything through the browser (try it – it’s a blank page – even in the source code). The only other way someone could get it is if they downloaded the file from your server. The only way they could do that is if your *server* settings are compromised.

If you’re truly that worried about it, place the file outside your public_html and link it in. ‘course, that may take some doing…

Viewing 1 replies (of 1 total)

The topic ‘wp-config , ummm…just me or a huge security risk?’ is closed to new replies.

Tags

wp-config

In: Developing with WordPress
1 reply
2 participants
Last reply from: Doodlebee
Last activity: 17 years, 1 month ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics