How to use htaccess to protect your config files

hoangvu

New member
Joined
Jun 6, 2012
Messages
1,835
Points
0
To stop anyone exploit/view your config files from your service by some tools, we can use .htaccess to protect our files by using code:

# to protect config_file.php
Code:
<Files config_file.php>
order allow,deny
deny from all
</Files>
# to protect wordpress config file
Code:
<Files wp-config.php>
order allow,deny
deny from all
</Files>
# to protect the .htaccess file itself:
Code:
<Files .htaccess>
order deny,allow
deny from all
</Files>
If you Chmod for a folder is 0777 to upload thumnails so using this code to protect scripts run from its folder and sub-folders
Code:
RewriteEngine On
RewriteRule .(php|php3|php4|php5|phps|phtml|shtm|shtml|cgi|pl |pm|asp|cfm|jse|jsp|jar|py|exe|com|bat|dll|pif|scr |reg|inf|htaccess|txt|html|htm)$ - [F]
Hope it's useful to people want to protect your files online.
 

onliveserver

New member
Joined
Jun 22, 2017
Messages
29
Points
0
Hello,

First of all remove the lines like DB relative entry in web-config.php and hyper link the that location.

define('DB_NAME', 'Your_DB'); // name of database
define('DB_USER', 'DB_User'); // MySQL user
define('DB_PASSWORD', 'DB_pass'); // and password
define('DB_HOST', 'localhost'); // MySQL host

// <?php
include('/home/user/config.php');
//

Create a file /home/user/config.php or edit the data which has removed from the web-config.php file.
there is also entry in .htaccess file for security the web.conf file.

.........................
# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>
..........................
 
Latest threads
Replies
1
Views
7
Replies
1
Views
6
Replies
1
Views
124
Recommended threads

Referral contests

Referral link for :

Sponsors

Popular tags

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top