Results 1 to 9 of 9
April 17th, 2010, 02:18 PM #1Really useful info for securing WordPress installs
Did you know you can actually put the configuration file for logging into your WordPress blog (wp-config.php) outside the directory where you have WP installed -- and it'll work just fine??
That's just one of the nifty tips in this information at wordpress.org that I had never seen before:
Perhaps that'll be as helpful to some of you as it was to me.
On another forum I go to regularly, there was a great deal of concern about some vulnerabilities and hacked WP installs on Network Solutions web servers. After 100+ posts on that forum, someone suggested setting permissions on wp-config.php at 750 so it was not readable by others.
That's a somewhat different issue, but reading about all that led me to the link above. I hope some of you find it as useful as I have!Generate more fake news.
April 17th, 2010, 08:20 PM #2
I don't know if I had read something like that before, but my config was already in the suggested place. However it was set to 644 and I put it to 750. All security tips are appreciated.
April 18th, 2010, 07:10 AM #3
Thanks Gary..I remember reading about the 750 permissions somewhere and thinking " I need to do that", but of course it got put on the backburner. Now it's done.Joey
Myrtle Beach SC
April 18th, 2010, 07:41 PM #4
Yeah, I've been busy setting all my wp-config.php files to 750.
I also like that tip about putting that file in a separate directory. Most of my WP installs are in root, so I've started moving wp-config.php to above the root level.Generate more fake news.
April 18th, 2010, 08:32 PM #5
You can move the wp-config.php file to the directory above your WordPress install. This means for a site installed in the root of your webspace, you can store wp-config.php outside the web-root folder. Note that wp-config.php can be stored ONE directory level above the WordPress (where wp-includes resides) installation. Also, make sure that only you (and the web server) can read this file (it generally means a 750 permission).
April 18th, 2010, 11:05 PM #6
Thanks Gary! I have set the wp-config to 750 too just now.
I have the Wp-Security Scan plugin that monitors all the permission codes but somehow this one was overlooked and not scrutinized. Strange.
I opted not to move the wp-config since I don't want to risk having problems when I upgrade to WP version. I am surprised that you were able to move all your config files and not have a problem.
April 19th, 2010, 10:29 AM #7
There are also some great security plugins available that really help secure Wordpress.
Some other tips are to change the "admin" user name to something else. Rename your database tables and change "wp_" to something else.[URL="http://www.manageaffiliatelinks.com/"][COLOR="Red"][B]Manage Affiliate Links[/B][/COLOR][/URL] - Redirect Dead, Expired, or Broken Links
[URL="http://www.wpcoupon.com/"][COLOR="Blue"][B]WP Coupon[/B][/COLOR][/URL] - Turn Wordpress into a Coupon Site!
May 7th, 2010, 07:32 PM #8
Thanks for the link. Some good info there.
May 7th, 2010, 07:40 PM #9
Good info~Rhia7 -- Remember the 7
By rwm5233 in forum Programming / Datafeeds / ToolsReplies: 6Last Post: September 3rd, 2014, 01:09 PM
By loxly in forum Blogging, Mobile and Social MediaReplies: 10Last Post: January 14th, 2010, 07:59 AM
By Kevin in forum Blogging, Mobile and Social MediaReplies: 7Last Post: December 20th, 2009, 11:56 PM
By Donuts in forum Midnight Cafe'Replies: 0Last Post: September 29th, 2005, 08:00 AM
By NameTycoon in forum Midnight Cafe'Replies: 0Last Post: November 15th, 2003, 09:01 AM