Security issues with WP sites

wordpress configuration file is located in the root.In the event that PHP stops functioning on webserver for any reason.we run the risk of this file being displayed in plaintext,which will give our password and database information to visitor.
you can safely move wp-config directory up out of root directory.this will stop if from accidentally served. WordPress has built-in functionality that automatic check parent directory if it cannot find a configuration file.

In this situations on certain hosts, is not option. An alternative on Apache web servers is to set your .htaccess to not serve up the wp-config file.
Add the following line to ur .htaccess file in the root directory.

<FilesMatch ^wp-config.php$>deny from all</FilesMatch>

Related Posts:

  1. How To Clean The Malware Infected & Hacked WordPress Websites? [duplicate]
  2. Hack-Proof OR Security in WordPress — is it real?
  3. Some one is trying to hack my website, Need guidance [closed]
  4. Is there any pre-existing plugin to track and block IPs with suspicious activity on my site?
  5. Website show Google Ads when we have no Google Ads linked to our website
  6. WordPress disable direct access of files in WordPress installation path
  7. Being hacked. Is there a list of WordPress security holes I can check against?
  8. My WP site and password was hacked, what to do? [closed]
  9. What security concerns should I have when setting FS_METHOD to “direct” in wp-config?
  10. What Are Security Best Practices for WordPress Plugins and Themes? [closed]
  11. Are WordPress Plugins essential?
  12. I found this in a plugin. What does it do? is it dangerous?
  13. What are the common security flaws I need to look for? [closed]
  14. Disabled plugins are they security holes – rumor or reality?
  15. What could a hacker do with my wp-config.php
  16. How Can I Securely Implement a Password-less Login Feature?
  17. Security and .htaccess
  18. Why “Contact Form 7” doesn’t update PHPmailer library?
  19. Are there procedures to prevent malicious plugin updates?
  20. Secure WordPress paid plugin
  21. How to make media upload private? [duplicate]
  22. Does WordPress contain “default” anti-SQL injection code that responds with a 404 error?
  23. What does a security risk in a plugin look like?
  24. How to generate/update a XML sitemap without plugins?
  25. WordPress Capabilities: edit_user vs edit_users
  26. Should we use plugins that aren’t available from the official WordPress site?
  27. How to check plugins for malicious code?
  28. How to properly secure my WordPress installation?
  29. Why allow overriding crucial pluggable functions wp_verify_nonce and wp_create_nonce?
  30. Where should my plugin POST to?
  31. Security error WP 4.0 + WP phpBB Bridge [closed]
  32. Should I install plugins to my WordPress installation from web sites having in URL “nulled” or, “null”?
  33. Disabled plugins are security holes – rumor or reality?
  34. Why am I sometimes getting a 404 error when I try to update a page with Elementor?
  35. Should I use RIPS tool to test my themes and plugins?
  36. Prevent Brute Force Attack
  37. Why users disable the WordPress update?
  38. Intercept comment form submit/list by hook/filter
  39. How many security plugins are too many? [closed]
  40. Will WordPress username displayed somewhere in the site?
  41. Upgrading WordPress 4.0 asks for FTP password
  42. How to prevent bot or someone to modify any file automatically?
  43. Is revealing just the AUTH_KEY a security issue?
  44. How Restrict access to admin dashboard by specific static ip?
  45. When is it useful to use wp_verify_nonce
  46. Protecting against malicious code in WordPress plugin updates
  47. Questions about brute force attacks on the admin username, coming from amazon IP addresses
  48. Why Better WP security plugin returns 418 I’m a Teapot “error”?
  49. How to expire all wordpress user passwords instantly?
  50. How to limit WordPress pages during updates?
  51. rms_unique_wp_mu_pl_fl_nm.php
  52. Weird problems after recovery from security breach
  53. How can we deal with unmaintained plugins with vulnerabilities?
  54. Security checking in meta_box save is reluctant?
  55. Escape when echoed
  56. Should you escape hardcoded URLs?
  57. Preventing BFA in WordPress without using a plugin
  58. Is it dangerous to install unupdated plugins?
  59. How can I make uploaded images in the editor load with HTTPS?
  60. How to stop xmlrpc attacks without disabling component to allow JetPack to work in WordPress?
  61. WordPress filter that hook after each action/filter hook
  62. How to delete Passwrd Protected posts cookies when a user logged out from the site
  63. The safest way to automate WordPress backups
  64. wp_create_nonce function doesn’t work inside a plugin?
  65. Does WordPress validate inputs to all functions? (such as get_user_meta and insert_user_meta)
  66. Upgraded to latest version – 3.0.3 and Now I get a “sufficient permissions to access this page” error
  67. Headers Content-Security-Policy CSP Major Issue
  68. How to block plugin activations with no known user or coming from unknown IP address range?
  69. Nonce failing on form submission
  70. Check for security updates
  71. Standard Fail2Ban vs. WP Fail2ban vs. WP Fail2Ban Redux
  72. How can I safely hide the fact that my website runs on WordPress? [closed]
  73. Why can’t I access my Intranet LDAPS with NADI?
  74. Malicious File Upload [closed]
  75. Stop Plugin Enumeration [closed]
  76. Malware installation during plugin update?
  77. My WordPress website was hacked [closed]
  78. I should enable automatic updates?
  79. Can some vulnerabilities in plugins be exploited even when the plugin is inactive?
  80. Is wp-app.php or wp-apps.php needed for WordPress?
  81. Security and Must Use Plugins
  82. Is Timthumb still broken? What security measures should be taken?
  83. Prevent direct access to WordPress plugin assets?
  84. Is it safe to use admin-ajax.php in the frontend?
  85. How to protect WordPress from security scanner [closed]
  86. Specific way to allow WordPress users to view their current password? And edit it?
  87. Too many login attempts
  88. How to prevent plugins from sniffing/stealing other plugins’ options?
  89. how to activate a plugin inside a theme
  90. Vulnerability Concern From the Plugin or From Not Updating the Plugin?
  91. malware undetectable by multiple scans
  92. Custom API plugin to execute 3rd party API to retrieve data
  93. How to deal with Slow HTTP POST (slowloris) vulnerability
  94. Running multiple security plugins
  95. how do I secure my WP website from hackers? [closed]
  96. Chrome Dev Tools console says every page in my blog has link to http://maps.google.com [closed]
  97. Webservice credential storage [duplicate]
  98. Regarding plugin security
  99. How do I determine if the user who registered is not spam?
  100. Want to modify a Plugin – Tweetily – Can I make it tweet a Custom Field instead of Post Title?
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)