This is really more of a server configuration question. By necessity, wp-config.php must be readable by WordPress itself, but file access/security beyond that is really a matter of how your server is configured.
- Refer to the Codex for recommended file permissions for WordPress.
- Refer to the Codex for recommended ways to secure
wp-config.php - Refer to this related WPSE question/answer regarding moving
wp-config.phpout of the web root entirely
Related Posts:
- If I change the salt keys in my wp-config will all passwords break?
- Safe to store SMTP password in wp-config.php?
- How to change user password with wp-cli?
- wordpress redirect after password reset
- Loosen/disable password policy
- Password Protect Custom Page
- Password protecting a page
- How to save Admin FTP password
- How can I change the default wordpress password hashing system to something custom?
- Conditional to test if post has password protection enabled
- Bypass password protected posts via GET variable
- Check the password of a user
- How to add Wp_error using lostpassword_post hook when validating custom field?
- Create a USERNAME and PASSWORD protected WordPress page
- Why do generated passwords start/end with spaces?
- Duplicate hash method for password in .NET
- Hide password protected posts
- Access code/password only restricts page access, no user registration..?
- PasswordHash not found in namespace
- Force all users in MU to change their passwords
- Reseting admin password through PHPMyadmin fails
- Check Password Reset Key Not Woking
- Reset password – set minimum length for new password
- How to shorten length of auto generated password sent during registration?
- Forgot password not working
- wp_hash_password unexpected behaviour
- Password reset message – change the network_home_url( ‘/’ )
- Redirect a password protected page?
- Lost password link is redirecting to /shop/my-account/lost-password/
- WordPress: force users to change password on first login
- Can’t login to wordpress despite changing password to something known directly in MySQL or using “Password Reset by Email” feature
- Change default recovery link expiration time
- Lost password link redirects to my-account/lost-password/,how to fix it back to default lost password
- Password protect custom template
- Set content type to HTML for lost password email only
- Custom password generator for users
- Where is the reset password key stored/generated?
- Password protecting template, secured content not showing if even password is right
- How validate usernames/passwords against WP’s database?
- Make post password required to publish
- WordPress reset password returns invalid key
- Add error message on password protected pages
- User password field is empty
- Password reset bug? – “Sorry, that key does not appear to be valid”
- How to set minimum length and error message for password recovery?
- Why is resetting the WordPress Users password not working?
- Get plain password on register
- post_password_required() not recognizing cookie set with correct password
- Is there any point setting the keys and salts in wp-config.php?
- How Authentication in wordpress works? wp_authenticate_username_password()
- Password protect the site (without htaccess or membership)
- Password Protected page not asking for a password
- I would like to password protect my entire WordPress site (ip validated), except for one page
- Password protection for page template
- Custom login form for front-end user as well as admin
- how to remotely check a username / password from within a plugin
- Password changed [duplicate]
- Enable Update button only when password is shown strong
- How to get user password before being encrypted outside the wordpress core once add a new user from dashboard?
- Adding parameters to password reset key
- wp_hash_password create a different hash everytime
- Custom password form allows unlock two posts with the same password
- How to change password
- How do I transfer user passwords from one WordPress site to another?
- Generating the password reset link automatically
- Password protect pages – allow more than one password
- password recovery key is invalid on custom reset
- Like to store multiple passwords in db table wp_posts field post_password?
- Password Protected Post is invisible until you login
- Send password to user instead of reset password link
- Protect Passwords in wp_users with stronger protection than MD5
- Custom form for password protected page
- How to check user’s password?
- How to Remove or Deactivate “Application Passwords” in WordPress
- What’s the algorithm to verify user password?
- How to change “Reset Password” text on submit button
- Customize retrieve password message
- How to recover password from a user
- resend user login & password with custom button
- WordPress admin creation through phpmyadmin not working
- How to show my wordpress admin username & password?
- Why does hashing a password result in different hashes, each time?
- how to encyrpt DB_PASSWORD in wp-config
- Can’t alter $lostpassword_url
- current user’s password check
- How to initiate password reset flow by code
- Change password fields
- lostpassword_redirect filter is not used
- How to read third party cookie to access password protected pages
- Ask logged in user to re-enter password to access page “x”
- Password Protect or IP to access under development WordPress site otherwise shown a placeholder page
- Password protected sites
- Password-protected page redirecting to frontpage when I enter the password
- 2 accounts under same email preventing me from loging in
- How would I create a Password Protected Page with Content on it?
- Site only for users authenticated by different PHP application
- wordpress custom password change problem
- Allow all reset password links within the past 24 hours to be valid and accepted
- WooCommerce Lost Password reset goes to 404
- Set id and password for each post