• Hi! After having problems installing the stable version of WordPress I finally managed to install the latest nightly version (10-May-2004) on a Windows 2003 server.
    I was just wondering a€“ should I now delete my ‘wp-config.php’ file? Isn’t it dangerous to leave it on the website? Couldn’t someone download it and read the username and password details inside? I have installed WordPress in a folder in the root area of my server space.
    Sorry if this sounds like a silly question… thanks for this great weblog!
    Gnam

Viewing 15 replies - 1 through 15 (of 18 total)
  • Nobody can read your PHP file, don’t worry ??

    Thread Starter gnam

    (@gnam)

    Thanks – it’s just that I’m new to all this and all my php/wordpress files are in an open folder on the server.
    I thought that if I could install via browser then that meant that anyone could install and have access to my server space and content.
    :S
    Gnam

    once the WP is installed, its installed.
    run the installer script again and it will give u an error message.

    Thread Starter gnam

    (@gnam)

    Okay, thanks – I’ll now try and relax ??
    Gnam

    thou shalt never relax.
    watever the security features there might be, still do take weekly backups.

    Thread Starter gnam

    (@gnam)

    That’s a good point you bring up there!
    I chose this blog among all the others because of the great reviews and comments that I have read. It’s a very good blog indeed!
    However, I’m already looking at Radio UserLand because I like the idea of having a desktop backup of all my posts.
    How am I supposed to back up WordPress? By using the phpadmin features on my server? Am I supposed to download the Sql database?
    <hunting forums right now…>
    Gnam

    Well years ago I seem to recall that if the PHP module/interpretor is down, the web server may end up spitting out the php file as pure text. But then that’s years ago…as for a forum, why not give PunBB a try?

    Thread Starter gnam

    (@gnam)

    Hi alrescha,
    thanks for the reply.
    When I said ‘hunting for forums’ it was to say that I was scouring the WordPress forums for info on how to backup my database files ??
    I’m still not too sure a Blog is what I need – I’m now taking a look at https://www.editme.com&#8230;
    Bye,
    Gnam

    Thread Starter gnam

    (@gnam)

    Thanks Sushubh!
    ?? Gnam

    once the WP is installed, its installed.
    run the installer script again and it will give u an error message.
    Where did THAT come from? He was asking about the wp-config.php file NOT the install.php file. Big diff there bucko. One CANNOT delete the wp-config.php file as it contains the DB connection info. It would be nice if there was a better way to do it, but I haven’t got a clue as to how. And WP isn’t the only PHP “app” that I’ve used that’s done it this way.
    TG

    Thread Starter gnam

    (@gnam)

    So – can the database sql password be stolen/read from the wp-config.php file?
    WARNING: Newbie inside ??
    Gnam

    No gnam, it cannot. wp-config.php renders as a blank page in all browsers. In fact, you should not delete it, as it is a file that a lot of the pages in wordpress require.
    Think of it this way, there has to be at least one file with the database details in your files that has the info that WP would require to connect to the database to perform the operations, right? Now, that file is wp-config.php, and it should be readable by the other pages in the wp installation.
    WordPress is more secure since it asks you to edit the wp-config.php , since only you, with ftp/ssh access to your website can do the editing.

    @tg:
    My comment came in this context:
    I thought that if I could install via browser then that meant that anyone could install and have access to my server space and content.

    Thread Starter gnam

    (@gnam)

    Okay – thanks to everone. I think I get the picture now.
    ??
    Gnam

    Gnam,
    Depending on how you webhost’s configuration, other users on the same server as your shared hosting account could read the file via a shell access. It’s always better to put your admin files in a non-standard directory. Ask your webhost about this.

Viewing 15 replies - 1 through 15 (of 18 total)
  • The topic ‘Security a€“ Should I delete my ‘wp-config.php’’ is closed to new replies.