There are many ways to harden your WordPress install. From changing the prefix of your WordPress tables, keeping WordPress and your plugin-ins updated to deleting the admin account.
I recently read a tutorial detailing how to spend 5 minutes to making WordPress more secure. One of the items mentioned was moving wp-config.php up one level so that it sits above the public_html folder. It’s easy to do but is not applicable to everyone running WordPress. Apparently it doesn’t work if you installed WordPress in a sub-directory or as an add-on domain in cPanel. I would speculate that those two criteria alone would impact a ton of people thereby not being a solution for the masses. If this option works for you then go spend 30 seconds making the change. You”ll be glad you did. If it doesn’t work for you continue reading for another 30 second method to secure WordPress by editing the wp-config.php file.
Reading through the documentation on the WordPress Codex site I found the following statement:
Note that if you are on a shared-server the permissions of your wp-config.php should be 750. It means that no other user will be able to read your database username and password. If you have FTP or shell access, do the following:
chmod 750 wp-config.php
The image below shows the wp-config.php file attributes recommended by in the Codex documentation.
So take 30 seconds and get your hands on wp-config.php and edit the file permissions to 750.
So there you have it. 30 seconds to a more secure WordPress installation. If you have 5 minutes to spend (make the time) on securing your WordPress installation, I highly recommend you read ProBlogger’s article titled spend 5 minutes to making WordPress more secure.
Good to know! Mine was set to 644! Yikes! Thanks for the tip.
You’re welcome Jared. I was shocked to find all of my sites having 644 too. The article I mentioned in my post also has some good pointers. You should have a look to see if there are any other settings that need tweaking.
Cheers,
rick