将wp-config.php移出根文件夹,我们在根文件夹中有多个WordPress网站以增强安全性

时间:2018-02-09 作者:harshal

我已移动wp配置。php,但我的文件结构如下所示:

public_html
--abccom
--applecom
--wp-config.php
abcomapplecom 文件夹中有wordpress网站bothAs建议,我已移动wp-config.php 外部abccom 为了安全,但现在当我需要为applecom做同样的事情时,我如何才能实现它?

https://webdesign.tutsplus.com/tutorials/how-to-secure-your-wordpress-wp-configphp--cms-27737

1 个回复
SO网友:scytale

Move wp-config.php to its new location somewhere above "public_html" and add a new "skeleton" wp-config.ph in the WordPress directory e.g.

<?php
include(\'/dir_above_public_html/priv-applecom/wp-config.php\');
?>

The wp-config.php script is included by other WordPress files. So to include this from a non default location we can simply 1. move our "real" wp-config from the Wordpress directory to where we want it located. 2. create a new wp-config in the Wordpress directory that does its own includes of the "real" wp-config script.

The benefits of having this file above public_html/web-root are hotly debated. I am in the camp that wants to avoid having scripts with authentication keys, salts & DB "credentials" in a directory that might be accessed via HTTP(S).

There are no real benefits in moving wp-config to another accessible dir (this may be the case for "abccom" where you have moved it to a dir "public_html" which usually indicates it is yes "public".

结束
标签: security   wp-config   小码农  

相关推荐

包括WordPress中的第三方库,需要通过wp-config访问

我正在尝试使用Wordpress中的Defuse加密库:https://github.com/defuse/php-encryption我将此指南用作如何实施它的资源:https://torquemag.io/2016/10/storing-encrypted-data-wordpress-database/我的问题是,如果我的wp config文件需要访问库,我应该将库放在哪里并需要该文件?问题的详细描述:在本教程中,它说生成并存储一个加密密钥,然后将其放入wp config中的常量中。php。为了做到