Moving wp-config.php To A Private Directory
Posted by Keith LuntMar 28
I am sure that plenty of people, like me, want to move the wp-config folder to a more secure and private directory to keep it out of the way of prying eyes.
And here it is not just hackers – maybe it would be best that other users with FTP access and so on should not see the contents and be able to change them.
However, all that WordPress allows you to do is to shove the config file up one level, e.g. from mysite.com/blog to mysite.com. Yes, it hides it, but does it really help?
So I have developed a little script here that can sort out the problem. For example, in my hosting there is a public directory into which the files are stored and a private directory that can only be accessed by FTP or from a call within a script from a relative path.
Now normally I’d call it simple by ‘../private/myscript.php’, however with WordPress we don’t know whether we are in the blog or deep in some convoluted file structure, for example /2011/march/28/ etc. So we have to work out how many directories into the site we are to give a relative path to the private directory.
So here’s what I did. I moved wp-config.php to my private directory and replaced it with this code. Just check your permissions to make sure that only you can read / write the file and everyone else can only execute it. There is also a check towards the end that the wp-config is being called from only our site, just in case a hacker gets clever there…
<?php
$found = substr_count($_SERVER['SCRIPT_NAME'],’/');
$i=0;
$myroot = ”;
while ($i
{$myroot .= ‘../’; $i++;}
$togo = array (‘http:’, ‘/’, ‘www.’);
$thisserver = str_replace($togo, ”, strtolower($_SERVER['SERVER_NAME']) ) ;
if ($thisserver == ‘howtostartmyblog.com’)
{require_once($myroot.”private/wp-config.php”);}
?>
If you want to keep up with our latest posts, just follow us on our RSS feed, join our weekly newsletter or follow us over at Twitter. Please do join in - it is totally free and only the best posts are passed to you!
Also, leave a comment below. We are a 'DoFollow' blog, so it is well worth your time. Thanks for calling in.
-
Protect Your Blog By Not Telling People Who Powers It OK, a very simple measure and it is quite easy in actual fact to work out that you are using...
How to set up a blog on my website Setting up a blog on your website should only take a few minutes and the return can be hundreds of...
How To Set Up A Blog On My Website Setting up a blog on your website is a good way to keep in contact with customers, keep your website...
Adding A Blog To Your Website Adding a blog to your existing website is an excellent way of increasing your website traffic and communicating often with...
How To Set-Up A Blog On My Website Setting up a blog on an existing website is easy! There are loads of good reasons for doing this, so...
Login Lockdown Does Not Always Work! I do not know quite what made me do it, but I went to the admin logon screen of one...
Leave a Reply