WordPress

How to Move wp-config.php for Security

Moving wp-config.php outside the web root improves WordPress security.

WordPress stores credentials in wp-config.php.

## Move It
1. Move wp-config.php one directory above WordPress
2. WordPress auto-detects it there
3. Prevents direct web access

## Alternative
Add to .htaccess:
<files wp-config.php>
order allow,deny
deny from all
</files>

## Also Disable File Editing
define('DISALLOW_FILE_EDIT', true);

Was this article helpful?