Breaking News

Blocking Web Access to the WordPress Wp Config File

Blocking Web Access to the WordPress Wp Config File.

In this lesson we will learn Blocking Web Access to the WordPress wp config File and previous lesson, we learned Blocking web access to the WordPress includes folder.


Where we added code to .htaccess file on the server to prevent web access to the includes folder with the WordPress, this prevents malicious code from sneaking way to in WordPress itself and embedding in the application.

Now we have to add again Code in .htaccess file for Blocking Web Access to the WordPress wp config File.

If you are not familiar with the file you can see that file.

  • Open Your cPanel Account.
  • File manager.
  • Public_html.
  • Wpconfig.php.

(Wp-config.php) file that allows WordPress to talk with database and this file is really important because the file contains the access information of the database, you remember that when you set up WordPress originally you had to enter the database name, database username, database password, and database table prefix.

All the data stored in new file WordPress created called wp-config.php, that means if some hackers manage to gain the access to that file. They will be able to see what database name is, and database username is, database passwords and table prefix.

Another word you do not want anyone is able to access wp-config.php file and just we like did with the includes folder in the last lesson we blocked access to file using some simple expressions, in .htaccess.

Now same we will do for the wp.config file. But coding is different How?

See the following steps.

  • Open Your cPanel Account.
  • File manager.
  • Public_html.
  • .htaccess.
  • Paste below coding.

Blocing web access to wp-config.php.

In .htaccess:

(Below code copy and paste to .htaccess file).

<files wp-config.php>

order allow, deny

deny from all


Note: See below image How code will be used in .htaccess file.

way of coding wp config

The meaning of the code is. If you try to access wpconfig.php. you are denied. Noone can gain the access, this file from the web.

The only way the gain the access, the file is through file server itself, means you get in, through server administrations, or some other versions control or through FTP or SFTP .

Simply nobody cannot the access wp config from the web, so simply by adding 04 lines, now you are completely blocking the access.

After doing this go to the dashboard and check out the website, if something goes wrong you can delete above coding.

About imran

My Name Mohammad Ramzan Bhutto. Live in District Jacobabad, Sindh, Pakistan. I have started blogging on Information Technology, my selected areas are Online Business, Digital Marketing, Make Money Online.

Check Also


How to Use WordPress Links. In this lesson, we will learn how to use WordPress …