Security Tips to Configure wp-config in WordPress Hosting

The wp-config.php file is the most critical file to protect your site. It contains your username, password, and database name (among other things) for your WordPress install and, by default, is accessible from any web browser.

The wp-config.php file is a standard part of your WordPress installation. It defines the configuration settings required to access your MySQL database. If you’re self-hosting WordPress, there’s no way of avoiding using it.

It’s your job to protect it! You certainly don’t want this file falling into the wrong hands in the event of a server problem. You can watch it by encrypting its content when you upload and denying access.

There are two ways to protect the wp-config.php file from prying eyes and hackers efficiently. Both methods require you to have Sftp or server-level access. Also, turn off any caching plugins you may be using before attempting these steps.

Move wp-config.php up one directory: This is the easiest way, assuming you’re comfortable moving files on your server. Essentially, this works by taking wp-config.php and moving it outside the public realm (typically one level above /public_html).

Modify your .htaccess or .conf file: This option is slightly more advanced and requires running Apache or Nginx. You’ll need to edit your .htaccess file (Apache) or nginx.conf (Nginx) using a text editor. Be careful not to alter any other code in this file; otherwise, your site may break.

Copy and paste the following code into your .htaccess file to deny access to your wp-config.php file.

# protect wpconfig.php
order allow,deny
deny from all

When saving your changes using “Notepad,” make sure that you change the “Save as type” dropdown to “All Files” so that it does not change your .htaccess file into a .txt file.

How to Secure WordPress Website

WordPress is a content management system that helps create attractive websites or blogs. It is essential to secure your WordPress website from attackers and annoying users who want to hack your admin area.

To increase your security areas, there are some actions through which you can protect your WordPress.

1. Use a good Password: To secure your password, you should use combinations of upper case and lower case letters, numbers and unique characteristics in a password. Name and company names are lousy passwords because it is straightforward to hack them.

2. Never use admin as a user name: User names in WordPress can be identified easily. Using ‘Admin’ as a username may disclose your privacy. Use another user name which cannot be guessed or hacked by an attacker.

3. Update website Plugins and CMS: Keeping Plugins and CMS current to avoid security issues of previous versions. Update CMS and adding new features will keep your WordPress site bug-free. To enhance WordPress, you need to add, delete and replace files manually or automatically.

4. Using a Security Plugin: Good WordPress Plugins like All in One WP Security and Firewall, Sucuri-Sanncer or Bullet-Proof Security enable the blocking of invalid login attempts from the website’s back-end. These plugins allow the renaming of website back-end login URLs with different names.

5. Secure hosting infrastructure must be provided by hosting providers: you and your WordPress hosting provider should ensure your WordPress website’s security. So make sure how web hosting provider can secure your WordPress website installation.

6. Backup Website: If new content is added frequently, a backup should be done once a week. If no new content is added, then once a month is required. Website hosting control panel is a much better alternative than plugins. The hosting provider will give more details regarding the backup. You are free to ask the hosting provider for help.

7. Monitor your website: Services like Pingdom check your website and receive emails or alerts when the website goes offline.

8. Avoid free website themes and plugins: These can allow attackers to break website privacy. Generally, Paid articles take time to design and are more secure as they develop in an account.

9. Don’t allow commenting: An attacker might access the website’s back end through comment boxes. It can cause a significant risk regarding security. To avoid commenting in the WordPress settings and on individual pages under discussion settings.

10. Disable user registrations: Enabling user registration can lead to hacking. So, user registration should be turned off on the website.