Knowledge Base
MilesWeb / WordPress FAQ

Learn to Deny Access to Your wp-config.php File Under WordPress Installation

Approx. read time : 2 min

Is your wp-config.php file secure? You can deny access to this file by following simple steps.

Steps to Deny Access to Your wp-config.php File Under WordPress Installation

  1. You will find your wp-config.php in the main directory of your WordPress installation and it is used to access the database.
  2. In this file comprises of your user id, password and database name in unencrypted format.
  3. Though it might be a .php file and no one should be able to see its content from the browser, you shouldn’t keep it in the main folder without doing anything about it.
  4. .htaccess in WordPress is commonly used to setup custom permalink for better SEO optimization. But you can utilize .htaccess to minimize vulnerability of your site.
  5. It is good to update your .htaccess to deny access to it. Here, files directive can be used to deny access to certain files. This directive can be used for any file on your website.
  6. Simply add the below code to your .htaccess present under the www directory:

Here “deny all” will deny the access to wp-config.php for all.

Also Read:
Everything You Need to Know About wp-config.php

Pallavi is a Digital Marketing Executive at MilesWeb and has an experience of over 4 years in content development. She is interested in writing engaging content on business, technology, web hosting and other topics related to information technology.
Need help? We’re always here for you.