Security a€“ Should I delete my ‘wp-config.php’

  • Hi! After having problems installing the stable version of WordPress I finally managed to install the latest nightly version (10-May-2004) on a Windows 2003 server.
    I was just wondering a€“ should I now delete my ‘wp-config.php’ file? Isn’t it dangerous to leave it on the website? Couldn’t someone download it and read the username and password details inside? I have installed WordPress in a folder in the root area of my server space.
    Sorry if this sounds like a silly question… thanks for this great weblog!
    Gnam

Viewing 3 replies - 16 through 18 (of 18 total)

  • I am not agree about security in wp-config.php.
    In wp-config.php, our passwords are always visible for the admins and, for example, if an error about Apache/PHP configuration occurs, code of php pages can be visible for visitors. It’s very dangerous.

    I think There should be a solution for that, right?

    “In wp-config.php, our passwords are always visible for the admins “

    Which admins ?
    If you mean domain admins then their power to disrupt your site is much wider than a password.

    Apache/PHP error – possibly I suppose. But in the two years I’ve been hanging around here and the two years in which tens of thousands of WP blogs have been used I have not yet seen it reported.

    ‘very dangerous’ ? I’d say it’s a risk but a very very tiny one. Having a poor/weak password is worse.

    Yes, I know that an Apache/PHP error is not very probable but it’s possible, no?

    I’m searching the way to connect with mysql passing a md5 password but I don’t know if it’s possible.

    Maybe, I am a little crazy (xD) but I think the password (and protect it) is the most important thing is a website. The other things in a website or blog are public and I can do a backup.

Viewing 3 replies - 16 through 18 (of 18 total)
  • The topic ‘Security a€“ Should I delete my ‘wp-config.php’’ is closed to new replies.