Wp-Config.php contains your database information which includes username, password, host etc. whereas .htaccess is mostly hacked to redirect the traffic from your site to some other destination on the web. Therefore, leaving them unsecured can make the job of hackers pretty much easy to steal your data and traffic from you.
Chmod is a functionality that allows you to set permission for users, groups and public accessing files and folders on your site. To make it easier to understand the numbers associated with the permissions I’ve created a chart below for you before which you need to remember that:
Write = w
Read = r
Execute = x
7 4 4 user group world r+w+x r r 4+2+1 4+0+0 4+0+0 = 744
|0477||-r—rwxrwx||owner has read only (4), other and group has rwx (7)|
|0677||-rw-rwxrwx||owner has rw only(6), other and group has rwx (7)|
|0444||-r—r—r—||all have read only (4)|
|0666||-rw-rw-rw-||all have rw only (6)|
|0400||-r––—||owner has read only(4), group and others have no permission(0)|
|0600||-rw––-||owner has rw only, group and others have no permission|
|0470||-r—rwx–||owner has read only, group has rwx, others have no permission|
|0407||-r–—rwx||owner has read only, other has rwx, group has no permission|
|0670||-rw-rwx–||owner has rw only, group has rwx, others have no permission|
|0607||-rw–-rwx||owner has rw only, group has no permission and others have rwx|
Hint: Never use 777 as file permission for any file on WordPress.
Changing wp-config.php file Permissions to make it Secure
1. Login to your cPanel
2. Go to File & Folders
3. Click on web or public html folder
4. Find the file wp-config.php
5 Right click on it and select permissions
6. Either change the numberic value to 400 or deselect all other boxes except “Read” for “Owners Permission” only.
7. Click “OK”
Changing .htaccess File Permissions to make it Secure
Repeat first three steps as mentioned above and find the .htaccess file and set the permission to 644 or select “Read” for all i.e. Owners, Group & Public whereas “Write” for “Owner Permissions” only and hit ok button.
Congratulations your wp-config.php and .htaccess files are safe.