How to use htaccess to protect your config files

[hoangvu]

To stop anyone exploit/view your config files from your service by some tools, we can use .htaccess to protect our files by using code:

# to protect config_file.php

<Files config_file.php>
order allow,deny
deny from all
</Files>

# to protect wordpress config file

<Files wp-config.php>
order allow,deny
deny from all
</Files>

# to protect the .htaccess file itself:

<Files .htaccess>
order deny,allow
deny from all
</Files>

If you Chmod for a folder is 0777 to upload thumnails so using this code to protect scripts run from its folder and sub-folders

RewriteEngine On
RewriteRule .(php|php3|php4|php5|phps|phtml|shtm|shtml|cgi|pl |pm|asp|cfm|jse|jsp|jar|py|exe|com|bat|dll|pif|scr |reg|inf|htaccess|txt|html|htm)$ - [F]

Hope it's useful to people want to protect your files online.

 

[onliveserver]

Hello,

First of all remove the lines like DB relative entry in web-config.php and hyper link the that location.

define('DB_NAME', 'Your_DB'); // name of database
define('DB_USER', 'DB_User'); // MySQL user
define('DB_PASSWORD', 'DB_pass'); // and password
define('DB_HOST', 'localhost'); // MySQL host

// <?php
include('/home/user/config.php');
//

Create a file /home/user/config.php or edit the data which has removed from the web-config.php file.
there is also entry in .htaccess file for security the web.conf file.

.........................
# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>
..........................