Securing the configuration file

3. Save the new .htaccess file and upload it to your Web server.

Your wp-config.php file is hidden from any outside bots or search engines.

4. Change file permission (chmod) on wp-config.php to 640.

See Chapter 2 of this minibook for information on file permissions and how to change permissions (chmod) via FTP.

Changing the file permission to 640 ensures that the file can be written
(or changed/edited) only by the owner of the file, not by the public; or
worse yet, by any automated bots or script programs run by hackers.