  1. #1
    ABW Ambassador writerguy's Avatar
    Join Date
    January 17th, 2005
    Location
    Springfield, Missouri, USA
    Posts
    3,248
    Really useful info for securing WordPress installs
    Did you know you can actually put the configuration file for logging into your WordPress blog (wp-config.php) outside the directory where you have WP installed -- and it'll work just fine??

    That's just one of the nifty tips in this information at wordpress.org that I had never seen before:

    http://codex.wordpress.org/Hardening..._wp-config.php

    Perhaps that'll be as helpful to some of you as it was to me.

    On another forum I go to regularly, there was a great deal of concern about some vulnerabilities and hacked WP installs on Network Solutions web servers. After 100+ posts on that forum, someone suggested setting permissions on wp-config.php at 750 so it was not readable by others.

    That's a somewhat different issue, but reading about all that led me to the link above. I hope some of you find it as useful as I have!
  3. #2
    Comfortably Numb John Powell's Avatar
    Join Date
    October 17th, 2005
    Location
    Bayou Country, LA
    Posts
    3,432
    I don't know if I had read something like that before, but my config was already in the suggested place. However it was set to 644 and I put it to 750. All security tips are appreciated.


  4. #3
    ABW Ambassador beachcom's Avatar
    Join Date
    May 11th, 2006
    Location
    Myrtle Beach SC
    Posts
    723
    Thanks Gary.. I remember reading about the 750 permissions somewhere and thinking "I need to do that", but of course it got put on the backburner. Now it's done.

  5. #4
    ABW Ambassador writerguy's Avatar
    Join Date
    January 17th, 2005
    Location
    Springfield, Missouri, USA
    Posts
    3,248
    Yeah, I've been busy setting all my wp-config.php files to 750.

    I also like that tip about putting that file in a separate directory. Most of my WP installs are in root, so I've started moving wp-config.php to above the root level.

  6. #5
    Comfortably Numb John Powell's Avatar
    Join Date
    October 17th, 2005
    Location
    Bayou Country, LA
    Posts
    3,432
    Quote Originally Posted by writerguy View Post
    Yeah, I've been busy setting all my wp-config.php files to 750.

    I also like that tip about putting that file in a separate directory. Most of my WP installs are in root, so I've started moving wp-config.php to above the root level.
    This placement has confused me a bit. From the codex where your link led:
    Securing wp-config.php

    You can move the wp-config.php file to the directory above your WordPress install. This means for a site installed in the root of your webspace, you can store wp-config.php outside the web-root folder. Note that wp-config.php can be stored ONE directory level above the WordPress (where wp-includes resides) installation. Also, make sure that only you (and the web server) can read this file (it generally means a 750 permission).
    Now my WP is installed in root and wp-config.php is where /wp-includes/ resides. If I move it I would expect to change the path to it somewhere in the setup. I don't see any mention of this.
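
Added example (not part of any post in this thread, and not WordPress's own code): a shell audit of the two points discussed above, namely where wp-config.php sits (the install directory or one level above it, as the Codex quote describes) and whether the "others" permission class can access it. WordPress checks the install directory first and then its parent, so no path setting changes when the file is moved up. The function names and the temporary demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit where wp-config.php lives and who can read it.

# Print the octal mode (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Locate wp-config.php as the Codex quote describes: in the install
# directory, or ONE level above it. Prints the path, or fails.
find_wp_config() {
    wp_dir=${1%/}
    if [ -f "$wp_dir/wp-config.php" ]; then
        printf '%s\n' "$wp_dir/wp-config.php"
    elif [ -f "$wp_dir/../wp-config.php" ]; then
        printf '%s\n' "$wp_dir/../wp-config.php"
    else
        return 1
    fi
}

# Report location and whether "others" hold any permission bit.
audit_wp_config() {
    cfg=$(find_wp_config "$1") || { echo "missing"; return 1; }
    mode=$(file_mode "$cfg")
    case "$cfg" in
        */../wp-config.php) where=parent ;;
        *) where=install ;;
    esac
    # The last octal digit is the "others" class; 0 means no access (750, 640).
    case "$mode" in
        *0) others=none ;;
        *) others=exposed ;;
    esac
    printf 'location=%s mode=%s others=%s\n' "$where" "$mode" "$others"
}

# Constructed demo tree: wp-config.php one level above a WordPress-style directory.
demo=$(mktemp -d)
mkdir -p "$demo/site/wp-includes"
: > "$demo/wp-config.php"
chmod 644 "$demo/wp-config.php"; audit_wp_config "$demo/site"
chmod 750 "$demo/wp-config.php"; audit_wp_config "$demo/site"
rm -rf "$demo"
```

With 750 or 640 the web server can still read the file only if it runs as the file's owner or as a member of its group, so check ownership as well as the mode.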


  7. #6
    ABW Ambassador ladidah's Avatar
    Join Date
    October 15th, 2007
    Location
    MA
    Posts
    1,888
    Thanks Gary! I have set the wp-config to 750 too just now.
    I have the Wp-Security Scan plugin that monitors all the permission codes but somehow this one was overlooked and not scrutinized. Strange.

    I opted not to move the wp-config since I don't want to risk having problems when I upgrade to WP version. I am surprised that you were able to move all your config files and not have a problem.

  8. #7
    Affiliate Manager ParadigmWilliam's Avatar
    Join Date
    September 23rd, 2007
    Posts
    364
    There are also some great security plugins available that really help secure WordPress.

    Some other tips are to change the "admin" user name to something else. Rename your database tables and change "wp_" to something else.

  9. #8
    Grandma broke her coccyx! Uncle Rico's Avatar
    Join Date
    May 8th, 2007
    Location
    North Carolina
    Posts
    2,238
    Thanks for the link. Some good info there.

  10. #9
    What's the word? Rhia7's Avatar
    Join Date
    January 13th, 2006
    Posts
    9,578
    Good info
