The MU forums have moved to WordPress.org

Be secure. for WP blog. (3 posts)

  1. conpeo
    Member
    Posted 18 years ago #

    For your blog's security, please make sure you don't keep any backup zip file (compressed file type) in your blog database or server directory. Delete it after use.

    [quote]Since Google Code Search actually indexes the contents of compressed files like ZIP and TARBALL files, we were able to find copies of people’s wp-config files and several contained usernames and passwords.[/quote]

    Refer to this for more discussion.
    title - "Some of your db passwords are belong to us"

    P.S.: Just for security reference.
    That's not a PHP/WP/Google problem, but we should know how to protect ourselves.

  2. aydos
    Member
    Posted 17 years ago #

    a method:
    create a password protected (or out of public_html) directory and a php file in it. put the db defines in it:

    define('DB_NAME', 'mydb');
    define('DB_USER', 'myuser');
    define('DB_PASSWORD', 'mypass');
    define('DB_HOST', 'localhost');

    delete these lines in config.php and add

    require_once('path-to-my-secure-dir/my-file.php');

    this file must be outside of your backups.

  3. drmike
    Member
    Posted 17 years ago #

    That's one of the steps we use on the autoinstalling scripts that we do for my hosting. Too many open source projects put non-config stuff into their config files and you may have to override them when you update.

    Figured that out when we ran the update script the first time and knocked out about 360 phpNuke sites. :)
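
Added example, not part of the original thread: a Python audit that walks a web root, opens every zip or tar archive it finds, and reports each wp-config.php copy inside along with whether it still contains a DB_PASSWORD define. The function names and the two sample archives (one with the defines inline, one using the require_once approach from the second post) are constructed for illustration.

```python
import io, os, re, tarfile, tempfile, zipfile

CONFIG_NAME = re.compile(r"wp-config\.php", re.I)   # also matches wp-config.php.bak
DB_DEFINE = re.compile(rb"define\(\s*['\"]DB_PASSWORD['\"]")

def scan_archive(path):
    """Return [(member_name, has_db_password)] for config copies inside one archive."""
    hits = []
    def check(name, read):
        if CONFIG_NAME.match(os.path.basename(name)):
            hits.append((name, bool(DB_DEFINE.search(read()))))
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as z:
            for info in z.infolist():
                check(info.filename, lambda: z.read(info))
    elif tarfile.is_tarfile(path):                   # handles .tar, .tar.gz, .tar.bz2
        with tarfile.open(path) as t:
            for m in t:
                if m.isfile():
                    check(m.name, lambda: t.extractfile(m).read())
    return hits

def find_exposed_configs(web_root):
    """Walk web_root and report (archive, member, has_db_password) for every hit."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            for member, has_pw in scan_archive(full):
                findings.append((os.path.relpath(full, web_root), member, has_pw))
    return sorted(findings)

def demo():
    """Build a constructed web root holding two leftover backups and scan it."""
    inline = b"<?php\ndefine('DB_USER', 'myuser');\ndefine('DB_PASSWORD', 'mypass');\n"
    split = b"<?php\nrequire_once('path-to-my-secure-dir/my-file.php');\n"
    with tempfile.TemporaryDirectory() as root:
        with zipfile.ZipFile(os.path.join(root, "backup.zip"), "w") as z:
            z.writestr("blog/wp-config.php", inline)
            z.writestr("blog/index.php", b"<?php // front page\n")
        with tarfile.open(os.path.join(root, "site.tar.gz"), "w:gz") as t:
            info = tarfile.TarInfo("blog/wp-config.php")
            info.size = len(split)
            t.addfile(info, io.BytesIO(split))
        return find_exposed_configs(root)

if __name__ == "__main__":
    for archive, member, has_pw in demo():
        print(f"{archive}: {member} -> DB_PASSWORD present: {has_pw}")
```

Archives are detected by content rather than file extension, so a backup renamed to something like `site.bak` is still scanned.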
