Move the wp-config.php file
Posted: Sun Jan 05, 2025 6:36 am
By default, your wp-config.php file is located in the root directory of your WordPress installation (the /public HTML folder). But you can move it to a directory that is not www accessible. Aaron Adams wrote a great explanation of why this is useful. To move the file, wp-config.php, simply copy everything from it to another file. Then, in the file, wp-config.php you can put the following snippet to simply include your other file. Note: The directory path may vary depending on your host and settings. Typically, it's just one directory up.
<?php
include('/home/yourname/wp-config.php');
Note: This will not work for Kinsta customers and will break functionality on our platform. This is because our open_basedir restrictions prevent PHP from running above the gambling data singapore directory ~/public for security reasons. The good news is that we solve this problem for you! We do essentially the same thing by blocking access to wp-login.php the ~/public. Our default Nginx configuration includes a rule that will return a 403 on any attempt to access the wp-config.php.
Updating WordPress Security Keys
WordPress security keys are a set of random values that improve encryption of information stored in user cookies. As of WordPress 2.7, there are 4 different keys: AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY and NONCE_KEY. When you install WordPress, these keys are randomly generated. However, if you have gone through multiple migrations (check out our list of the best WordPress migration plugins) or purchased a site from someone else, it may be useful to generate fresh WordPress keys.
WordPress Security Keys
WordPress has a free tool that you can use to generate random keys. You can update the current keys that are stored in the wp-config.php file.
<?php
include('/home/yourname/wp-config.php');
Note: This will not work for Kinsta customers and will break functionality on our platform. This is because our open_basedir restrictions prevent PHP from running above the gambling data singapore directory ~/public for security reasons. The good news is that we solve this problem for you! We do essentially the same thing by blocking access to wp-login.php the ~/public. Our default Nginx configuration includes a rule that will return a 403 on any attempt to access the wp-config.php.
Updating WordPress Security Keys
WordPress security keys are a set of random values that improve encryption of information stored in user cookies. As of WordPress 2.7, there are 4 different keys: AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY and NONCE_KEY. When you install WordPress, these keys are randomly generated. However, if you have gone through multiple migrations (check out our list of the best WordPress migration plugins) or purchased a site from someone else, it may be useful to generate fresh WordPress keys.
WordPress Security Keys
WordPress has a free tool that you can use to generate random keys. You can update the current keys that are stored in the wp-config.php file.