Concerns over wp-config file [closed]

WordPress core does not contain obfuscated code (with unfortunate exception of revisions easter egg).

While wp-config.php can (and often does) contain arbitrary code, it is not normal for extensions to add anything there and there isn’t an API way for it. In a nutshell it is meant to be edited by hand for specific configuration purposes.

I would assume any obfuscated code in that context to be harmful and site compromised.

Related Posts:

  1. Best practice for versioning wp-config.php?
  2. Password in wp-config. Dangerous?
  3. What’s the difference between WP_MEMORY_LIMIT and WP_MAX_MEMORY_LIMIT?
  4. Turn Off Automatic Trash Deletion?
  5. How can I change preview URL?
  6. Override the wp_siteurl and wp_home not work
  7. Changing WP_CONTENT_DIR and WP_CONTENT_URL in wp-config.php does not register?
  8. Missing a temporary folder despite settings in wp-config.php
  9. How to use live images on local install?
  10. Syntax of FS_CHMOD_DIR and FS_CHMOD_FILE
  11. WordPress PHP error handling and reporting in production environment
  12. Declaratively Configuring WordPress in XML or JSON or YAML
  13. Fatal error: Allowed memory size of 41943040 bytes exhausted (tried to allocate 20480 bytes)
  14. How to set up gmail SMTP in WordPress
  15. error:-Cannot modify header information – headers already sent by
  16. Changing HTTP URL Port
  17. How to update WordPress from the latest trunk
  18. how to use is_admin in wp-config.php
  19. Locked out of WordPress Site Admin after enabling Force SSL on WordPress Https (SSL)
  20. Set wp-content folder to Dropbox folder
  21. Including a 3rd party library in WordPress which needs to be accessible by wp-config
  22. wp-config.php being deleted
  23. Get WP CLI to hide debug warnings and notices in JSON output, same setting as website
  24. Installation Issue WordPress locally – The file ‘wp-config.php’ already exists
  25. What is this file: wp-config-wpe.php?
  26. enable SFTP via SSH keys in wordpress
  27. html lang=”” instead of lang=”en-us” – why?
  28. Why do I get a WAMP homepage when clicking on specific website’s URL on LocalHost?
  29. Creating the wp-config.php file manually
  30. What Does this Code Snippet Do?
  31. Can I delete `wp-config-sample.php` after installing and configuring WordPress?
  32. How to reliably set file/folder permissions?
  33. Multiple wp-config.php files in one home directory
  34. Why edits to wp-config.php must come before “That’s all” comment
  35. error log cluttered with undefined DB_USER wp-admin/setup-config.php
  36. Is it possible to override the ABSPATH constant
  37. How to stop fatal error when loading theme template file directly
  38. Should I change wp-config for SSL?
  39. Out of memory errors : how best to track them down
  40. Redefine cookie domain for subdomains
  41. multiple language directories
  42. Error in database connection [closed]
  43. Update wp-config.php and lost pages
  44. Conflict with wp_homeurl, wp_siteurl and admin interface settings
  45. error messages in dashboard login
  46. where should I write constants in wordpress?
  47. Issues copying site into local machine
  48. Autosave interval remains default despite wp-config.php defines
  49. Carriage Return control character (^M) found in wp-config-sample.php
  50. Are the wordpress settings (abspath, disable core updates) added by SiteGround of any use after I’ve migrated to a different host?
  51. Need help fixing my wp-config file [closed]
  52. Why was my new WordPress installation’s config page publicly viewable when first installed?
  53. WP_MEMORY_LIMIT didn’t work in wp-config, only within default-constants.php
  54. Cookie set without HttpOnly flag
  55. Changing the wp-config.php broke the site
  56. Publishing WordPress from stage to production server
  57. Define option outside wp-config.php (on WordPress.com)
  58. Site lost all formatting when I attempted to migrate to Bluehost [closed]
  59. Moving wp-config.php one level up – 500 error – Nginx [closed]
  60. How can I configure an SMTP Server?
  61. What should index.php contain on Synology NAS to get external access to WordPress to work?
  62. Remote server does not read `WP_HOME` from wp-config.php when local server does
  63. Not showing old migrated content in website
  64. How to rename the wp-config.php file once under version control?
  65. Read wp-config without loading the rest of WordPress – i.e. wp-settings, etc
  66. Proper way to have multiple installs with a single database
  67. How turn on error reporting without reset?
  68. WordPress installed on a Sub-directory
  69. Editing wp-config.php file asks for another installation
  70. $post->id vs $post->ID problem after using WordPress config bootstrap
  71. ABSPATH not defined?
  72. How to stage a redesigned site on a new webhost while the original site is still live? [closed]
  73. WordPress login redirection not working on Nginx root directory
  74. Plesk login inaccessible after changing site URL
  75. Need help re-connecting local WP-config file to local database
  76. Change of “home” results in timeouts (only on index.php)
  77. wp-config.php randomly will reset to wp-config-sample.php
  78. WP_SITEURL vs WP_HOME link output
  79. What can an attacker do if he has access to my wp-config file?
  80. How to fix wp-login.php gives error 500 after migration?
  81. Change default wordpress FS owner
  82. Define new constants in wp-config
  83. sudden changing of host IP result in crash of the site
  84. Move wp-content outside root
  85. Can you define readability settings in wp-config.php?
  86. Can wp-config move cause dashboard not to load?
  87. Unable to change WordPress language (WordPress 4.2.2)
  88. PressPi (WordPress) Broken Layout
  89. How to change WordPress theme file path to a remote server?
  90. Why is WordPress not using $_SERVER[‘SERVER_NAME’] for ‘WP_SITEURL’ and ‘WP_HOME’ as default?
  91. WordPress Redirect on Name Change
  92. Is there any reason why using the same wp-config file might not work in MAMP?
  93. Best function/method to access wp-config?
  94. WordPress still requires FTP information
  95. Why would changing ports from 80 to 8080 cause wordpress to act unexpectedly?
  96. Change URL when visiting wordpress site
  97. max_input_vars not updating through wp-config
  98. Disabling zlib compression and enforcing gzip
  99. Can WP-CLI modify database connection details in existing wp-config file?
  100. How to specify server path in code?