18 Responses

1. sherif

   November 11th, 2007 at 9:30 am

   1

   Another file we need to make sure to block access to is: xmlrpc.php

   Here you can just add one more file directive for xmlrpc.php to your .htaccess file.

2. Search Engine Optimization Direct » Blog Archive » How to deny access to your wp-config.php file under WordPress …

   January 7th, 2008 at 8:56 am

   2

   [...] cpwebhosting02 article is brought to you using rss feeds.Here are some of the top articles on search engine optimization.The most common use of .htaccess in WordPress is setting custom permalink for SEO optimization. However .htaccess should be more utilized to further minimize vulnerability of your site. Here you can use the files directive to deny … [...]

3. Egor

   January 24th, 2008 at 10:18 am

   3

   Hi, was searching Google for affordable web site optimization and your blog regarding How to deny access to your wp-config.php file under WordPress installation by Tdot-Blog looks really interesting for me.
   I will definitely bookmark it and come back for more cool postings to read! Cheers!

   Egor’s last blog post..I’ve Been Working Hard Lately!

4. Sherif

   January 26th, 2008 at 10:17 am

   4

   Hi Egor
   Thanks for your comment.

   After running into some issues and headache with wordpress security, I am really glad to know, that you will be able to know and better secure your wordpress site.

   Sherif’s last blog post..2 Simple Steps to Hide WordPress Info and Better Secure Your Site.

5. bass

   February 26th, 2008 at 10:58 pm

   5

   Hi,
   for non Windows users: ‘wp-config.php’ is located in the public area, that’s mean can be accessed too by local users with telnet / rlogin service.
   To prevent: you must login with telnet/rlogin client and do like this :
   # chmod 600 wp-config.php

   bass’s last blog post..Vista SP1 berbenturan dengan beberapa produk AV pihak ketiga

6. Jeremy Gadd

   April 15th, 2008 at 2:37 am

   6

   Many thanks for this and for help received through the comments, such as the need to deny access to the .htaccess file itself. I had never really considered that.
   Are there other crucial files?

7. Sherif

   April 15th, 2008 at 10:41 pm

   7

   Hi Jeremy
   Thank you for your comment. There are other steps you can use. I have listed more here in my blog and in my ebook.
   Regards.

8. SEO package

   March 1st, 2009 at 5:49 am

   8

   You brought up a good point on SEO. That’s exellent.

   SEO package’s last blog post..Master List of Article Directories and Blogs

9. Sherif

   March 1st, 2009 at 11:05 am

   9

   Hi
   This is more a security point than a SEO.
   Thanks for writing.
   Sherif

10. How to deny access to your wp config php file under WordPress | Paid Surveys

    May 29th, 2009 at 12:32 pm

    10

    [...] How to deny access to your wp config php file under WordPress Posted by root 6 hours ago (http://tdot-blog.com) Affordable web hosting cpanel security wordpress resources and your say thank you for your comment there are other steps you can use theme by design disease hosting and blogging guide is powered by wordpress Discuss  |  Bury |  News | how to deny access to your wp config php file under wordpress [...]

11. informatique Grenoble

    May 25th, 2011 at 8:04 am

    11

    i always rename date base name and table suffix ?

    that’s another way to secure wp from attack

    thanks for the tip !

    sebastien

12. TrueColor Labs

    May 31st, 2011 at 12:56 pm

    12

    I am searching for how to include wp-config.php in my script and then I found this good article about how to protect wp-config.php.

    Thank you so much!

13. Rebuilding « A day in the life II

    July 4th, 2011 at 12:36 pm

    13

    [...] on how you do it) after each WordPress upgrade. For more information on how to do this, try this link. An even more geeky treatment is [...]

14. MaXi32

    August 2nd, 2011 at 4:16 pm

    14

    Whatever you use, if you are using shared hosting to host your files, security is 100% not secure. Another web admin can read your through their interface.

15. Michael

    August 9th, 2011 at 5:07 pm

    15

    Thanks Sherif for this advice, really useful.
    What a great bunch of comments too, cheers everyone.

16. dabe

    August 14th, 2011 at 2:54 am

    16

    anyone who knows how to hide wp-config.php to a non-www location using vdeck?

17. wparena

    March 18th, 2012 at 8:22 pm

    17

    Although I know these, but you explained it a well and easy manner… Good for newbies.

18. Harikrishna

    July 20th, 2012 at 10:08 pm

    18

    Thanks a ton. This is something which I need to very badly …. Thanks a lot.