[wp-trac] [WordPress Trac] #12988: Modify wp-load.php to search for wp-config.php 2 directories higher

WordPress Trac wp-trac at lists.automattic.com
Tue Apr 13 20:08:26 UTC 2010


#12988: Modify wp-load.php to search for wp-config.php 2 directories higher
-------------------------+--------------------------------------------------
 Reporter:  chipbennett  |       Owner:  ryan              
     Type:  enhancement  |      Status:  new               
 Priority:  normal       |   Milestone:  Unassigned        
Component:  Security     |     Version:                    
 Severity:  normal       |    Keywords:  wp-load, wp-config
-------------------------+--------------------------------------------------
 Currently, wp-load.php looks for wp-config.php both in the same directory
 as wp-load, and also one directory higher. Thus, for the default use case
 (WordPress installed in a subdirectory, e.g. public_html/wordpress/),
 wp-config.php can be placed in /public_html/wordpress/ or /public_html/.

 Due to security concerns (e.g. the recent Network Solutions wp-config.php
 hack), it may be advantageous to move wp-config.php above the publicly
 accessible /public_html/ directory altogether, as such:

 `/wp-config.php
 /public_html/wordpress/wp-load/`

 Granted, anyone who would go to the trouble of moving wp-config would
 probably not leave file permissions insecure. Even still, this would
 provide an extra layer of security for obscuring database credentials.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/12988>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
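
An audit helper for the placement discussed in the ticket, added here as an example; it is not code from the ticket or from WordPress. It models only the search order the ticket describes (same directory, then one directory higher, with the proposed second level optional) and reports whether the wp-config.php that would be found sits inside the web root. The function names and the `levels_up` parameter are hypothetical.

```python
import os
import tempfile

def candidate_config_paths(wp_dir, levels_up=1):
    """wp-config.php locations in search order: wp_dir itself, then each parent
    up to levels_up (1 = behaviour described in the ticket, 2 = the proposal)."""
    paths, current = [], os.path.realpath(wp_dir)
    for _ in range(levels_up + 1):
        paths.append(os.path.join(current, "wp-config.php"))
        current = os.path.dirname(current)
    return paths

def inside(path, root):
    """True if path is located under root (the web-served directory)."""
    root = os.path.realpath(root)
    return os.path.commonpath([os.path.realpath(path), root]) == root

def audit(wp_dir, docroot, levels_up=1):
    """Return (path, web_exposed) for the first wp-config.php found, or None."""
    for path in candidate_config_paths(wp_dir, levels_up):
        if os.path.isfile(path):
            return path, inside(path, docroot)
    return None

def demo():
    # Constructed layout matching the ticket: wp-config.php above public_html/wordpress/
    with tempfile.TemporaryDirectory() as account:
        docroot = os.path.join(account, "public_html")
        wp_dir = os.path.join(docroot, "wordpress")
        os.makedirs(wp_dir)
        open(os.path.join(account, "wp-config.php"), "w").close()
        current = audit(wp_dir, docroot, levels_up=1)   # one level up: not found
        proposed = audit(wp_dir, docroot, levels_up=2)  # two levels up: found
        # Second value: is the file found under the proposal web-exposed?
        return current, proposed is not None and proposed[1]

if __name__ == "__main__":
    print(demo())
```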

