If you’re running a common CMS platform such as WordPress or Joomla, we recommend you have a read of “What are the best practice steps I should take to secure my content management system script?”
Protecting your CMS configuration file(s) is critical in maintaining security of your website. Many common CMS scripts have a configuration file which contains your database, database user and password; meaning it’s both a gateway to ensuring your website continues to function, but also a means of hacking.
Configuration file permissions
If the file permissions on your CMS’ configuration file are set too high, the contents of this file could potentially be exposed – leaking the database details to the world. To prevent this it is recommended you set your file permissions (chmod) to 400 on your configuration php file.
You can set the chmod permissions on your files and folders using FTP or cPanel’s File Manager.
Additionally it is important to only display errors which you actually need; typically for a product website you would prevent any and all errors from printing to your website for visitors. We recommend turning off error_reporting using PHP Selector to avoid showing errors (which may contain your database password) to the world.