This is All About Securing Your wp-config.php its help you to Save your WordPress blogs from hackers and symlinking attacks, Here is simple script listed below which will disable or hide your Mysql database from all users it will let you hide easily using .htaccess editor.
What is Symlinks ?
Hackers use this attack to for hacking wordpress , forums or any CMS they fine a vulnerable site from a server and they hack into the site they find others sites database and birng it into that, there is some php shell scripts which hack do symlinks. This is little definition of symlink attack.
How to protect your WordPress wp-config.php file:
- Download or Edit your .htaccess file from the server. This is located in the same section as your wp-config.php or index.php file. (If you don’t have an .htaccess file, then you will need to create one, see directions below). the .htaccess file will be in root directory if it is not then create new one.
- Using a text editor, like Notepad, open your .htaccess file.
- Copy and paste the following code into your .htaccess file to deny access to your wp-config.php file.
# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>
When saving your changes using “Notepad,” make sure that you change the “Save as type” dropdown to “All Files” so that it does not change your .htaccess file into a .txt file.
How to create your own .htaccess file:
- Open up “Notepad” on your computer.
- Copy and paste the code to deny access to your wp-config.php file (see above).
- Click on File > Save As >
- Change File Name to .htaccess
- In the “Save as type” dropdown, change to “All Files.”
- Upload this file to your server in the top-level of your WordPress files are (index.php, wp-app.php, wp-config.php, etc.).
