Get exclusive CAP network offers from top brands

View CAP Offers

Reply To: WordPress

[bsa_pro_ad_space id=2]
#742987
Anonymous
Inactive

Just to go back to something that was stated incorrectly.

passwords for database or anything else never should be kept in a public directory of a website, nor is there any reason to.

Passwords should be kept above the htdocs directory to that it is not open to public access. It’s much easier for a hacker to find a way to grab files/code off your live website directories than in those above. Make life harder for them.

Having spent sometime ferretting out an inside sabotuer, then preventing his outside hacks, we’ve learn a few things about vulnerabilities.

in most cases if you are running wordpress, you can find your password wp-config.php at the top, cut the lines, replace with

include “../dblogins.php”

Then put those lines in a file called dblogins.php or something similar, in a directory, above your homepage, where you can’t connect to it. Test to make sure permissions on the new file aren’t crashing the site. if everything works, your DB passwords are much more secure and you’re down, until the next update of the wp-config.php file.