How to secure the wp-config.php configuration file in WordPress?

Many business owners are concerned about the security of their WordPress sites. Because WordPress is such a popular CMS, it has been targeted by hackers due to a weakness in a theme or plugin. You must understand how to protect your WordPress website from being hacked.

So there are a two steps that we're going to go through to secure this file.

1) Move wp-config.php

In any WordPress site, the wp-config file has a default location. Hence changing the file location can prevent it from falling into the hand of the hackers. Fortunately, WordPress allows the ‘wp-config’ folder to reside outside your WordPress installation. For instance, if your WordPress is installed in the public_html folder, then the config file will be present in the public_html folder by default. But you can move the wp-config outside the public_html folder and it’ll still work.

2) Disable Theme/Plugins Files Editing.

There is an option to edit the plugin/theme file in the WordPress dashboard. This means that with access to the dashboard and sufficient permission anyone can edit your themes or plugins.You can prevent this from happening and secure your WordPress site by disabling the option to edit these files. Simply place the following code in your WordPress config file:

[code]define(‘DISALLOW_FILE_EDIT’,true);[/code]