How do I test to ensure that my wp-config file is protected?

The old method works for me, and any requests result in a 403 status response instead of execution of the php script. I’ve not checked your 2nd method, but if it works it will similarly respond with 403 denied/forbidden.

To test you simply have to insert the URL of your “wp-config.php” in the address bar of your browser e.g. http://example.com/wp-config.php . Depending on browser and/or sites custom 403 settings your browser will display “forbidden”, “access denied” etc.

Note you can also move wp-config.php one directory up from where WordPress installed it – and if this is then above Webroot/public_html it will no longer be “directly” accessible by hackers. More on this here Is moving wp-config outside the web root really beneficial?

Related Posts:

  1. Improve wordpress security by hiding non public resources
  2. Does this .htaccess security setting really work?
  3. File and directory permissions
  4. Rewrite /?rest_route=/ link to /wp-json/ without changing default permalink structure in apache
  5. index.php not loading in main folder of wordpress
  6. Using “wordpress_logged_in” to restrict direct access to uploads folder in 2021
  7. WordPress URL/Folder ReWrite using Htaccess
  8. Which WordPress scripts need to be executable for a fresh installation?
  9. Blocking access to wp-login via htaccess not working
  10. Attach to wp-login.php and xmlrpc.php
  11. Redirect from different port to subdomain – htaccess
  12. WordPress 404 on Subdomain
  13. XMLRPC filtering through htaccess not working
  14. Only expose routes with prefix /wp-json on WordPress using Apache
  15. Restricting user login by IP address
  16. What’s the opposite of required valid user in .htaccess authentication
  17. How can i redirect one url to another url using .htaccess or add_rewrite_rule
  18. Override htacces rule only for specific directory
  19. Restrict uploaded files into a custom folder to logged in users by htaccess: looking for Nginx – not only Apache – solution
  20. WordPress: Adding Security
  21. WordPress not seeing .htaccess rules
  22. .htaccess Security Header Rules
  23. mod_rewrite loop, redirecting http to https on certain section of wordpress blog
  24. .htaccess in subdir gets ignored by WordPress’ own .htaccess in /
  25. Rules in .htaccess only if the requested URL is /wp-admin
  26. Directing subdomain to main domain and keeping the subdomain format with .htaccess
  27. WordPress – Promoting A Dev Build In A Subdirectory To Production / Root Directory
  28. Redirect old domain with query paramaters
  29. Does WP suppresses .htaccess if permalinks are disabled?
  30. Disable directory browsing of uploads folder
  31. Strange behaviour of is_user_logged_in() and get_current_user_id()
  32. fix 302 redirection error on https
  33. Access sub-domain when root public_html is protected with .htaccess password
  34. Accepting special characters in querystring
  35. WordPress permalinks confusion
  36. Selectively Disabling PHP via .htaccess in Root Directory
  37. Configure .htaccess to have a WordPress single site installation with all subdomains pointing to the same pages?
  38. Should I prevent access to .htaccess and wp-config.php files?
  39. Blocking wp-login in HTACCESS has also blocked password protected pages
  40. Basic Auth .htaccess on wp-login, but allow logout from woocommerce
  41. Using htaccess to prevent spam through wp-comments-post.php
  42. Unable leverage Browser Caching on AWS Bitnami stack (Apache) through W3TC and Cloudfront CDN
  43. How to move wordpress website from hosting account to localhost
  44. How to block wordpress admin by htaccess
  45. I can access subdirectory, but not files within it
  46. How can I create a private site that is inaccessible from the outside?
  47. Restrict Content for only Contributors via .htaccess
  48. Allowing access to certain WordPress created pages or posts with htaccess / htpasswd
  49. WordPress redirection
  50. How To Add CSP frame ancestors in WordPress Website? [closed]
  51. Subfolder install not working
  52. Browser Caching .htaccess
  53. Hardening WordPress – how to set .htaccess permissions?
  54. Avoid duplicate content on pretty URLs with htaccess
  55. Why is this line of code Wrong in every WordPress .Htaccess security article?
  56. What’s the point of the default .htaccess?
  57. malware affecting backend of wordpress website-could be .htaccess file
  58. How to redirect all HTTP requests to HTTPS
  59. Default .htaccess file for WordPress?
  60. Which one does WordPress prioritize when it comes to php.ini, wp-config and .htaccess?
  61. Security and .htaccess
  62. How disable SSL redirect for specific URL?
  63. Which ways can be used to log in to WordPress?
  64. Why does the header set X-Robots-Tag apply to all pages?
  65. How to change “wp-admin” to something else without search-replacing the core?
  66. Error:406 not acceptable
  67. A plugin changes my .htaccess file and I can’t access httpd.conf as that’s a shared server
  68. How can I code my plugin to safely modify .htaccess?
  69. HTAccess stops me from accessing WordPress Dashboard links
  70. .htaccess rewrite rule puzzle
  71. browser caching not disabled after disabling in .htaccess
  72. Transfer to HTTPS – mixed content on main page only [closed]
  73. Htaccess redirect after changing Language URL format
  74. blocking access to all post/tag URIs via htaccess
  75. sitemap contains weird links and does not contain my pages [closed]
  76. want to rewrite an URL in wordpress
  77. how to redirect 301 my old search query string to wordpress search query string?
  78. How to block access to files without modifying .htaccess or ngnix config? [closed]
  79. how to combine wordpress htaccess on my root domain + php on subfolder
  80. Allow REST API over HTTP, the rest of the site forced to HTTPS
  81. Conflict with Force SSL and Rewrite Rules
  82. How do I do a redirect to WordPress permalink with post id via htaccess?
  83. Creating a copy of a website in a subdirectory, wp-admin redirect problem
  84. Troll the hackers by redirecting them
  85. I am new in word pres my font awesome is not allow
  86. Why my WordPress Site Asking for HTTP Authentication?
  87. htaccess redirects invalid request to home page not 404
  88. Deny php execution in /wp-includes – using .htaccess in /wp-includes VS root folder
  89. How to properly give WordPress its own directory
  90. WordPress permalinks is wrong. It wants me to change my htaccess file. But then site crashes
  91. Question with .htaccess and wp-login.php prevention
  92. WordPress RSS feed to external XML
  93. Does htaccess password keep search engines out?
  94. htaccess old php pages to new wordpress ones
  95. different CNAME to corresponding subfolders
  96. block seacrh engines for all pages EXCEPT homepage
  97. My WP site and password was hacked, what to do? [closed]
  98. htaccess – Server Subdirectory With Different Name Than URL Subdirectory
  99. .htaccess seems to be required but I can not find it
  100. cant access website thru www only works on direct xyz.com