How to Make wp-config.php & .htaccess Files Secure Using Chmod

analogue lock

Wp-Config.php contains your database information which includes username, password, host etc. whereas .htaccess is mostly hacked to redirect the traffic from your site to some other destination on the web. Therefore, leaving them unsecured can make the job of hackers pretty much easy to steal your data and traffic from you.

Chmod is a functionality that allows you to set permission for users, groups and public accessing files and folders on your site. To make it easier to understand the numbers associated with the permissions I’ve created a chart below for you before which you need to remember that:

Write = w

Read = r

Execute = x

  7       4      4
 user   group  world
 r+w+x    r      r
 4+2+1  4+0+0  4+0+0  = 744
0477 -r—rwxrwx     owner has read only (4), other and group has rwx (7)
0677 -rw-rwxrwx     owner has rw only(6), other and group has rwx (7)
0444 -r—r—r—     all have read only (4)
0666 -rw-rw-rw-     all have rw only (6)
0400 -r––—     owner has read only(4), group and others have no permission(0)
0600 -rw––-     owner has rw only, group and others have no permission
0470 -r—rwx–     owner has read only, group has rwx, others have no permission
0407  -r–—rwx     owner has read only, other has rwx, group has no permission
0670 -rw-rwx–     owner has rw only, group has rwx, others have no permission
0607    -rw–-rwx     owner has rw only, group has no permission and others have rwx

Hint: Never use 777 as file permission for any file on WordPress.

Changing wp-config.php file Permissions to make it Secure

 1. Login to your cPanel

2. Go to File & Folders

3. Click on web or public html folder

4. Find the file wp-config.php

5 Right click on it and select permissions

6. Either change the numberic value to 400 or deselect all other boxes except “Read” for “Owners Permission” only.

7. Click “OK”

Changing .htaccess File Permissions to make it Secure

Repeat first three steps as mentioned above and find the .htaccess file and set the permission to 644 or select “Read” for all i.e. Owners, Group & Public whereas “Write” for “Owner Permissions” only and hit ok button.

Congratulations your wp-config.php and .htaccess files are safe.

Previous articleHow to Change a Username in WordPress
Next articleHow to Recover a Hacked WordPress Site
I’m Hasan, by profession a Marketer currently working as Head of Digital Marketing at Allainet, Pakistan office. Frankly speaking I love what I do and consider myself to be one of the luckiest person on the earth. Well, I don't make millions of dollars from my sites to drive a fancy car neither became super famous yet. What I do have is a beautiful wife, two amazing daughters, a loving family, awesome friends and the line of work that makes me feel special.

Leave a Reply