Battening Down The Respective Hatches
One thing that always bugged me about WordPress is that you need to keep the wp-config.php file in your document root.
I started digging a bit to see if there were any elegant solutions to this (some people had some decent hacks/options) but I found out that as of v2.6 you can move your wp-config.php file up a level and WP should find it fine. That’s awesome! I’m surprised it took them that long to implement something like that – but better late than never and all that.
Upon discovering this news, I went through and moved all of my wp-config.php files up a level outside of the document root. I even modified some of the file structures on my server to better accommodate this change. I think the added security is worth it. The last thing I need is an open door for pwnage.
The only problem is for people who don’t install WP in their document root. If you install it deeper, then moving wp-config.php up a level solves nothing, because the parent directory is still inside the document root. In those cases, users should definitely pay close attention to file permissions and consider other security measures – such as .htaccess edits to deny access to wp-config.php, and modifying wp-config.php to include/require a file outside of your document root with your DB details in it.
You can never be too safe.
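
An added example, not part of the original post: a shell function that works out which wp-config.php WordPress would load for a given install and reports whether that file is still inside the document root, which is the deeper-install case described above. The function name, its output tokens and the sample `<Files>` rule in the comment are assumptions introduced for illustration.

```shell
#!/bin/sh
# audit_wp_config DOCROOT WP_DIR   (hypothetical helper, added for illustration)
# Prints "<location> <access-rule> <mode>" for the wp-config.php that
# WordPress would load. Returns 0 if the file is outside the document root,
# 1 if it is inside, 2 if it cannot be found.
audit_wp_config() {
    docroot=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    wpdir=$(cd "$2" 2>/dev/null && pwd -P) || return 2

    # WordPress 2.6+ checks its own directory first, then one level up.
    if [ -f "$wpdir/wp-config.php" ]; then
        cfgdir=$wpdir
    elif [ -f "$wpdir/../wp-config.php" ]; then
        cfgdir=$(cd "$wpdir/.." && pwd -P)
    else
        echo "not-found"; return 2
    fi
    cfg="$cfgdir/wp-config.php"

    # World-readable matters most on shared hosts with other local users.
    if [ -n "$(find "$cfg" -perm -004 2>/dev/null)" ]; then
        mode=world-readable
    else
        mode=not-world-readable
    fi

    # Outside the docroot the web server cannot be asked for the file at all.
    case "$cfgdir/" in
        "$docroot"/*) ;;
        *) echo "outside-docroot n/a $mode"; return 0 ;;
    esac

    # Inside the docroot: look for an .htaccess rule naming the file, e.g.
    # (Apache 2.4 form)
    #   <Files wp-config.php>
    #       Require all denied
    #   </Files>
    # Heuristic only: it does not prove Apache honours the rule.
    if grep -q 'wp-config\.php' "$cfgdir/.htaccess" 2>/dev/null; then
        rule=htaccess-rule
    else
        rule=no-htaccess-rule
    fi
    echo "inside-docroot $rule $mode"
    return 1
}

if [ $# -eq 2 ]; then audit_wp_config "$1" "$2"; fi
```

Run it as `sh audit.sh /path/to/docroot /path/to/wordpress`; an `inside-docroot no-htaccess-rule` result is the situation where the file-permission and .htaccess measures above are the remaining protection.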