How do I test to ensure that my wp-config file is protected?

The old method works for me, and any requests result in a 403 status response instead of execution of the php script. I’ve not checked your 2nd method, but if it works it will similarly respond with 403 denied/forbidden.

To test you simply have to insert the URL of your “wp-config.php” in the address bar of your browser e.g. http://example.com/wp-config.php . Depending on browser and/or sites custom 403 settings your browser will display “forbidden”, “access denied” etc.

Note you can also move wp-config.php one directory up from where WordPress installed it – and if this is then above Webroot/public_html it will no longer be “directly” accessible by hackers. More on this here Is moving wp-config outside the web root really beneficial?

Related Posts:

  1. Improve wordpress security by hiding non public resources
  2. Does this .htaccess security setting really work?
  3. File and directory permissions
  4. Rewrite /?rest_route=/ link to /wp-json/ without changing default permalink structure in apache
  5. index.php not loading in main folder of wordpress
  6. Using “wordpress_logged_in” to restrict direct access to uploads folder in 2021
  7. WordPress URL/Folder ReWrite using Htaccess
  8. Which WordPress scripts need to be executable for a fresh installation?
  9. Blocking access to wp-login via htaccess not working
  10. Attach to wp-login.php and xmlrpc.php
  11. Redirect from different port to subdomain – htaccess
  12. WordPress 404 on Subdomain
  13. XMLRPC filtering through htaccess not working
  14. Only expose routes with prefix /wp-json on WordPress using Apache
  15. Restricting user login by IP address
  16. What’s the opposite of required valid user in .htaccess authentication
  17. How can i redirect one url to another url using .htaccess or add_rewrite_rule
  18. Override htacces rule only for specific directory
  19. Restrict uploaded files into a custom folder to logged in users by htaccess: looking for Nginx – not only Apache – solution
  20. WordPress: Adding Security
  21. WordPress not seeing .htaccess rules
  22. .htaccess Security Header Rules
  23. mod_rewrite loop, redirecting http to https on certain section of wordpress blog
  24. .htaccess in subdir gets ignored by WordPress’ own .htaccess in /
  25. Rules in .htaccess only if the requested URL is /wp-admin
  26. Directing subdomain to main domain and keeping the subdomain format with .htaccess
  27. WordPress – Promoting A Dev Build In A Subdirectory To Production / Root Directory
  28. Redirect old domain with query paramaters
  29. Does WP suppresses .htaccess if permalinks are disabled?
  30. Disable directory browsing of uploads folder
  31. Strange behaviour of is_user_logged_in() and get_current_user_id()
  32. fix 302 redirection error on https
  33. Access sub-domain when root public_html is protected with .htaccess password
  34. Accepting special characters in querystring
  35. WordPress permalinks confusion
  36. Selectively Disabling PHP via .htaccess in Root Directory
  37. Configure .htaccess to have a WordPress single site installation with all subdomains pointing to the same pages?
  38. Should I prevent access to .htaccess and wp-config.php files?
  39. Blocking wp-login in HTACCESS has also blocked password protected pages
  40. Basic Auth .htaccess on wp-login, but allow logout from woocommerce
  41. Using htaccess to prevent spam through wp-comments-post.php
  42. Unable leverage Browser Caching on AWS Bitnami stack (Apache) through W3TC and Cloudfront CDN
  43. How to move wordpress website from hosting account to localhost
  44. How to block wordpress admin by htaccess
  45. I can access subdirectory, but not files within it
  46. How can I create a private site that is inaccessible from the outside?
  47. Restrict Content for only Contributors via .htaccess
  48. Allowing access to certain WordPress created pages or posts with htaccess / htpasswd
  49. WordPress redirection
  50. How To Add CSP frame ancestors in WordPress Website? [closed]
  51. Subfolder install not working
  52. Browser Caching .htaccess
  53. Hardening WordPress – how to set .htaccess permissions?
  54. Security headers disappear on WordPress pages
  55. Avoid duplicate content on pretty URLs with htaccess
  56. Why is this line of code Wrong in every WordPress .Htaccess security article?
  57. How to redirect all HTTP requests to HTTPS
  58. How can I use an .htaccess file in Nginx?
  59. .htaccess redirect http to https
  60. PHP $_SERVER[‘HTTP_HOST’] vs. $_SERVER[‘SERVER_NAME’], am I understanding the man pages correctly?
  61. Redirect vs RedirectMatch
  62. How to automatically redirect HTTP to HTTPS on Apache servers?
  63. htaccess – Redirect to subfolder without changing browser URL
  64. How do I disable directory browsing?
  65. Https to http redirect using htaccess
  66. Getting a 500 Internal Server Error on Laravel 5+ Ubuntu 14.04
  67. How to remove index.php from WordPress site URL
  68. .htaccess: Invalid command ‘RewriteEngine’, perhaps misspelled or defined by a module not included in the server configuration
  69. Redirect old php link to wordpress link in .htaccess
  70. Redirect old php link to wordpress link in .htaccess
  71. Cant login to wp-admin (redirecting to homepage), But CAN login to wp-login.php
  72. Cant login to wp-admin (redirecting to homepage), But CAN login to wp-login.php
  73. Best collection of code for your .htaccess file [closed]
  74. Default .htaccess file for WordPress?
  75. Which one does WordPress prioritize when it comes to php.ini, wp-config and .htaccess?
  76. Security and .htaccess
  77. WordPress site hacked. Has .htaccess been hacked?
  78. Use subdomain for certain urls
  79. htaccess problem after saving Settings
  80. Protecting direct access to PDF and ZIP unless user logged in (without plugin)
  81. Multisite htaccess on localhost with WP as an SVN external?
  82. Stop WordPress and Plugins from Overwriting .htaccess
  83. Change Login URL Without Plugin
  84. htaccess disable WordPress rewrite rules for folder and its contents
  85. htaccess rewrite conflict with wordpress rules and ssl
  86. htaccess https redirect from www to non-www
  87. What does a security risk in a plugin look like?
  88. Htaccess for Wordpess set on single subdomain
  89. Securing wp-admin folder – Purpose? Importance?
  90. adding rewrite rules in .htaccess
  91. .htaccess and 500 error, extra character added
  92. Name-based virtual host configuration in Apache seems to cause a “500 Internal Server Error”
  93. Place static HTML files in path below WordPress page
  94. WordPress Multisite – Multiple subfolders for blogs
  95. Static raw HTML page
  96. WordPress + Magento .htaccess ReWriteRule Issue (www vs. non-www)
  97. Plugin to edit htaccess file
  98. htaccess rewrite for author query string when WP is in subfolder
  99. Why “Settings->Permalinks” creates .htaccess file on nginx server?
  100. .htaccess for wordpress inside another wordpress install
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)