So let’s go ahead and get started. But before we do, I want to give you a little public service announcement. First, before you do any playing around with code or messing with moving files, you want to make sure that you have a current full backup. That’s a backup of both your files and your database. So before you do anything, get your full backup done.
Secondly, the moving of the wp-config.php file will not work at all – as a matter of fact, it will break your site – if your WordPress site is installed on a subdomain or if it’s a multisite setup. So that’s another reason why I want to show you another way of securing your config file by adding code to your .htaccess file just in case your WordPress site is installed on a subdirectory or is a multisite setup. Again, if it’s a subdirectory or it’s a multisite setup, do not do the moving of the config file. That will not only not work, it will break your site.
That said, let’s get to work. I’m going to be doing this within my cPanel control panel. You can do pretty much the same thing if you are using something like FileZilla or an FTP client. But for me, it’s just a lot easier to do it within file manager of my cPanel control panel. So I’ve already logged into cPanel. Click on File Manager. And here is the wp-config.php file. Now we’re not talking about the wp-config-sample.php. That’s basically just trash right now. We could just delete that and not have to worry about it, but we’ll leave it alone for now. The one we’re going to be moving is right here, wp-config.php.
Now the other way is by adding some code to your .htaccess file. Now if yours is a brand new installation of WordPress, you might not have this just yet – in which case, one way to do it is come up here and click on Create File. And name it, put a period there, htaccess, click on Create New File. That’s one way to do it. But I’ve already got one made, so I’m going to select it, and then right-click, and click on Edit. And you want to come on up here to the very top. And this is where you want to enter this code. Now, this code I’m going to be included along with this video as a separate copy-and-paste file. There’s not a whole lot to it, but just in case you don’t want to pause the video and take a chance on getting anything wrong here, I’ve got you covered. Basically, you’ve got this:
deny from all
And that’s it. Come on over here. Click on Save. Click on Close. And now nobody has access to that wp-config file except for you and anybody else that has access to your server. And that’s it. We have now added an additional layer of security to our WordPress site by securing the wp-config.php file in a couple of different ways.
And that’s going to bring us to the end of this video. Thanks for watching and you have a great day.