password in wp-config.php

  • citeewurkor

    (@citeewurkor)


    20 years ago

    hi,
    so I was amazed that it really took me only five minutes to install WP. Question, though:
    my database password is located in wp-config.php.
    Is that secure?
    I mean, I put the path to my wp-config.php in my web browser, and came up with a blank page, but would it be possible for someone to hack into this and steal my db password?

Viewing 15 replies - 1 through 15 (of 16 total)
  • Moderator James Huff

    (@macmanx)

    No one will see the information inside your wp-config.php file unless they have FTP access to your files.

    Thread Starter citeewurkor

    (@citeewurkor)

    Thanks! That’s what I needed to know!

    Anonymous

    Hi!
    The sistem don’t reconozid the password and it is good!!! What Can I do??

    Which password ?

    Anonymous

    Sorry.
    I put this in the browser: https://mypage.com/wp-admin/install.php and and salt this error: Parse error: parse error, unexpected T_STRING in /home/virtual/sitio24900/www/wp-config.php on line 25
    The line 25 is the password of the wp-config.php but my password isn’t wrong!
    What happens?

    Check that line carefully.
    You’ve missed something like a ‘ or : or ) or ;

    Anonymous

    i got this after installation and the move to the adimn log-in.
    Parse error: parse error, unexpected T_STRING, expecting ‘,’ or ‘;’ in /homepages/43/d86796165/htdocs/wordpress/wp-admin/post.php on line 1045
    what “or”??
    hell, I don’t know anything about php

    I would delete ‘post.php’ and reupload it.
    Could be an ftp error.

    Anonymous

    thanx
    OK I’ll try that.
    sorry for my “anonymous” and my bad english.
    I’m in too much forum discussions and I WANT to get wordpress runnning.

    Anonymous

    YES, yes,yes!!
    that worked.
    thank you very much indeed….
    and now I’m gonna find out what to do with it and how to at an fantastic sytle to my blog :))
    markus

    Anonymous

    .. and maybe one day I’ll learn to type tings more correctly…
    add a new style…
    markus

    Anonymous

    arrghh
    m.

    …bump…

    Before “anonymous” rushed in, there was an interesting thread going:

    wp-config.php and security

    I am aware that under *normal* circumstances the wp-config.php wouldn’t display in the browser, but what happens if someone manages to find a loophole elsewhere to display the contents of the file. Passwords in clear text on a webserver, doesn’t sound like a good idea.

    Since WP is now seeing a proliferation in usage through the promotion by large webhosting companies (Lycos just to name one), it would be the right time to think about security again and to see if there is room for improvement.
    On the other hand I guess, large webhosting providers wouldn’t encourage the use of WP on their servers if it wasn’t safe – but better is always the enemy of good. Is good, good enough?

    Moderator James Huff

    (@macmanx)

    The “loop hole” would have to be in PHP itself, not WordPress, as this is the default behavior of PHP. Such PHP holes are usually plugged rather quickly.

    Enabling the exec() command in PHP can be one big loop hole. Is it not possible to put the password in some encoded form on a completely separate file?!

Viewing 15 replies - 1 through 15 (of 16 total)
  • The topic ‘password in wp-config.php’ is closed to new replies.