Added protection for wp-config.php
The wp-config.php file, containing your WordPress database credentials, is for many of us the most sensitive web file on the server. It merits special attention.
Assuming you've followed the tips in Chapter 6, your configuration file is seriously solid already, barring a server exploit or administrative error. Barring a server exploit or administrative error? Precisely. Let's throw something else at it.
Moving wp-config.php above the WordPress root
This involves cutting the file from its WordPress root location and pasting it a level above, outside of the public web files. The platform will find it there, but some plugins won't. In that case, have a word with the plugin author or swap the plugin. Failing that, you'll have to weigh up the merit of this move against the loss of functionality.
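One way to script this move, as an added example that is not from the original text: the function name `move_wp_config`, its two arguments and the sample paths are assumptions. It refuses when the parent directory is still inside the document root, and when the parent holds its own wp-settings.php, in which case WordPress does not use a parent-level wp-config.php.

```shell
#!/bin/sh
# Added example (not from the original text).
# Usage: move_wp_config WP_ROOT DOCROOT
#   e.g. move_wp_config /home/site/public_html /home/site/public_html  (constructed paths)
move_wp_config() {
    # Resolve both paths physically so symlinks cannot hide the real location.
    wp_root=$(cd "$1" 2>/dev/null && pwd -P) || { echo "no such WordPress root: $1" >&2; return 1; }
    docroot=$(cd "$2" 2>/dev/null && pwd -P) || { echo "no such document root: $2" >&2; return 1; }
    parent=$(dirname "$wp_root")

    if [ ! -f "$wp_root/wp-config.php" ]; then
        echo "wp-config.php not found in $wp_root" >&2
        return 1
    fi

    # The destination must lie outside the public web files; if WordPress
    # lives in a subdirectory, its parent is still served by the web server.
    case "$parent/" in
        "$docroot"/*)
            echo "refusing: $parent is still inside $docroot" >&2
            return 2 ;;
    esac

    # WordPress only falls back to the parent directory's wp-config.php
    # when that directory does not contain its own wp-settings.php.
    if [ -e "$parent/wp-settings.php" ]; then
        echo "refusing: $parent contains wp-settings.php" >&2
        return 3
    fi

    # Never overwrite a configuration file that is already there.
    if [ -e "$parent/wp-config.php" ]; then
        echo "refusing: $parent/wp-config.php already exists" >&2
        return 4
    fi

    # mv keeps the file's owner and mode, so earlier permission hardening stays.
    mv "$wp_root/wp-config.php" "$parent/wp-config.php" || return 5
    echo "moved to $parent/wp-config.php"
}
```

After a successful move, load the site and exercise each plugin, since a plugin that looks for the file only in the WordPress root will fail at this point.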
Less value for non-root installations
The previous move is more powerful when WordPress lives in your site's root. Then, by shifting the wp-config.php above the public web...