View all Products Close Menu Menu
How should I secure my configuration files of my website scripts?
Posted Tuesday April 29th 2014 / Category Security

If you’re running a common CMS platform such as WordPress or Joomla, we recommend you have a read of “What are the best practice steps I should take to secure my content management system script?

Protecting your CMS configuration file(s) is critical in maintaining security of your website. Many common CMS scripts have a configuration file which contains your database, database user and password; meaning it’s both a gateway to ensuring your website continues to function, but also a means of hacking.

Configuration file permissions

If the file permissions on your CMS’ configuration file are set too high, the contents of this file could potentially be exposed – leaking the database details to the world. To prevent this it is recommended you set your file permissions (chmod) to 400 on your configuration php file.

You can set the chmod permissions on your files and folders using FTP or cPanel’s File Manager.

Display errors

Additionally it is important to only display errors which you actually need; typically for a product website you would prevent any and all errors from printing to your website for visitors. We recommend turning off error_reporting using PHP Selector to avoid showing errors (which may contain your database password) to the world.

Can’t find the answers you're looking for? Check out these other methods of support!