Support » Developing with WordPress » wp-config , ummm…just me or a huge security risk?

  • Is it just me, or is having the password of your mySQL WP database right in a file that EVERYONE knows about not a bad thing? …anyone care to explain to me why this is (security-wise) ok?

    Thanks!

Viewing 1 replies (of 1 total)
  • Maybe everyone knows it’s there, but it’s only a security risk if the server settings are such that someone actually has access to it. It’s a PHP file that set to not display anything through the browser (try it – it’s a blank page – even in the source code). The only other way someone could get it is if they downloaded the file from your server. The only way they could do that is if your *server* settings are compromised.

    If you’re truly that worried about it, place the file outside your public_html and link it in. ‘course, that may take some doing…

Viewing 1 replies (of 1 total)
  • The topic ‘wp-config , ummm…just me or a huge security risk?’ is closed to new replies.