The 15 Second WordPress Security Fix Everyone Should Do

One of the weakest points in a WordPress install is its configuration file, wp-config.php. This file holds the settings that control WordPress, and it is what connects the all-important database to your theme, plugin and core files. The catch is that, while wp-config.php is a convenient place to force changes, it is also a sensitive file sitting in a very exposed place: WordPress stores the database name, username and password in it as plain text, as if you had typed them into Notepad, and by default the file lives in the web root right next to everything the web server publishes.

Because of this, WordPress has a small built-in feature that it oddly doesn't advertise, and many people are unaware it exists. It takes about 15 seconds to apply, needs almost no configuration, and noticeably improves the security of your install. Here's how you do it.

What we are going to do is move wp-config.php out of the public_html directory. The file is still stored as plain text, but it is no longer inside the document root, so the web server can never serve it. That closes the most common ways the file leaks over HTTP: a PHP handler that fails or is misconfigured and returns the raw source, a stray backup copy such as wp-config.php.bak or an editor swap file that the server happily sends as text, or a directory listing that points at it. It does not protect against an attacker who can already read arbitrary files on the server, whether through a file-read bug in a plugin or a shell on the box; and if that's the case, WordPress being secure is probably the least of your worries!

Please keep in mind that there are some ground rules for this security mod, which might be why WordPress doesn't talk about it much. WordPress only looks for the file in one other place: exactly one directory above the install, and only if that directory does not itself contain wp-settings.php (which would mean it is another WordPress install). In cPanel terms, your WordPress must be the main install of your cPanel account, must not be a multisite, must not be an "addon domain", and must not be installed in a subdirectory.

If you have a standard-issue, nothing-too-crazy WordPress install, keep on reading. If not, take a peek around the site; I have many other security tips for you to look at!

If you've determined that you qualify for this handy trick, the first thing to do is log in to your cPanel account and open the File Manager:

Once in the File Manager, open public_html, locate wp-config.php and select it once with your mouse:

With wp-config.php singled out, locate the Move button at the top of cPanel and click it:

In the box that pops up, erase everything in the path field so that only the "/" next to the house icon is left. That "/" is your home directory, the parent of public_html:

Once that's set, hit the Move File(s) button and rejoice! That's all it takes. As long as your WordPress is a standard install in the main account of your cPanel, you are set: WordPress has understood from day one that the configuration file may live one level above the directory it is installed in, and it will load it from there without any further changes.
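The same move from a shell, as an added example that is not part of the original post: for hosts where you have SSH rather than the cPanel File Manager, this POSIX sh script performs the move and first checks the same conditions WordPress's own loader tests before it will read the config from the parent directory (the file must be exactly one level up, and that directory must not contain wp-settings.php). It also locks the moved file down to owner-only permissions, since the credentials inside are still plain text, and lists any wp-config.php leftovers (backup copies, editor swap files) still sitting in the web root. The path $HOME/public_html and the WP_DOCROOT variable are assumptions for this example; adjust them to your document root.

```shell
#!/bin/sh
# Added example (not from the original post or from WordPress itself).
# Assumed layout: $HOME/public_html is the WordPress root, so the
# destination is $HOME/wp-config.php, one level above it.

# Returns 0 if WordPress would load wp-config.php from the parent of $1.
# wp-load.php looks exactly one directory up, and only if that directory
# does not itself contain wp-settings.php (i.e. is not another install).
wp_config_parent_ok() {
    docroot=$1
    parent=$(dirname "$docroot")
    [ -f "$parent/wp-config.php" ] || return 1
    [ ! -f "$parent/wp-settings.php" ] || return 1
    return 0
}

# Move wp-config.php out of $1 (the WordPress document root) into its
# parent. Refuses with a message and a non-zero status if any precondition
# fails, so a misplaced file can never leave the site without a config.
move_wp_config() {
    docroot=$1
    parent=$(dirname "$docroot")
    if [ ! -f "$docroot/wp-config.php" ]; then
        echo "no wp-config.php in $docroot" >&2
        return 1
    fi
    if [ ! -f "$docroot/wp-settings.php" ]; then
        echo "$docroot does not look like a WordPress root (no wp-settings.php)" >&2
        return 1
    fi
    if [ -f "$parent/wp-settings.php" ]; then
        echo "$parent holds another WordPress install; wp-load.php would ignore a config there" >&2
        return 1
    fi
    if [ -e "$parent/wp-config.php" ]; then
        echo "$parent/wp-config.php already exists; refusing to overwrite" >&2
        return 1
    fi
    mv "$docroot/wp-config.php" "$parent/wp-config.php" || return 1
    # Secrets are still plain text: only the owner needs to read them.
    chmod 600 "$parent/wp-config.php" || return 1
    # Leftover copies in the web root (wp-config.php.bak, wp-config.php~,
    # .wp-config.php.swp) are the usual way the secrets still leak over HTTP.
    echo "leftover copies in $docroot (delete these):"
    ls "$docroot"/wp-config.php* "$docroot"/.wp-config.php* 2>/dev/null || true
    wp_config_parent_ok "$docroot"
}

# Run only when WP_DOCROOT is set, e.g.:
#   WP_DOCROOT="$HOME/public_html" sh move-wp-config.sh
if [ -n "${WP_DOCROOT:-}" ]; then
    move_wp_config "$WP_DOCROOT"
fi
```

After running it, confirm the site still loads; WordPress resolves the new location on its own, exactly as it does after the File Manager move above. If the script refuses because the parent directory contains wp-settings.php, you are in the nested or addon-domain situation the ground rules exclude, and this trick does not apply.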

Enjoy your new found security!