Among the root files WordPress content management system there is a file called wp-config.php which plays a very important role on your website. In this tutorial, we talk about how to improve security of wp-config.php file in WordPress. At the end of this tutorial, you need to know how you can protect the wp-config.php file in WordPress and put it in its proper place!
Security of wp-config.php in WordPress
The wp-config.php file in your host has valuable information that can destroy your website if disclosed. This information includes site database information and all the commands you enter for your website. You can implement several approaches to keep the wp-config.php file safe in WordPress, which will be explained one by one:
Tip: At first, a very important note should be taken into account, as well as the fact that you must back up your data and your site before starting to work.
Approach 1: change the main location of the wp-config.php file on your website
The location of the wp-config.php file in your host is at
Home—> user —> public_html —> wp-config.php
This change of location will increase the security of the wp-config.php file in WordPress. To change its location, you must first log in to the admin section and then locate the wp-config.php file in the given address and, after finding it; you should right-click on this file and select the move option. In the dialog box opened, you must clear the address placed in the dialog box before’’/’’ initializing and then transfer the file.
When you move the file in the dialog move all the addresses delete to reach ’’ / ‘’, this means that you want to move your file to a folder above public_html. You actually redirect this file to a non-public folder. Also, if you see wp-config-sample.php in your public_html folder on your site, also delete it.
Tip: Of course, the crucial point is that this solution is used only for the main domain and is not used in subdomains.
Approach 2: improve security of wp-config using htaccess
The second approach to improve security of wp-config in WordPress is a bit more complicated than the first one, but it can be very useful. In the second method, you’ll first have to find the htaccess file on your host root, which is hidden in some of the servers, which you can disable from your hosting management section.
After finding it, you need to add the following code at the end of this file:
So far, you’ve learned two methods How to improve security of wp-config.php file. Great job!