How do I protect my CMS configuration file?
Protecting your CMS configuration file(s) is critical in maintaining security of your website. Many common CMS scripts have a configuration file which contains your database, database user and password; meaning it’s both a gateway to ensuring your website continues to function, but also a means of hacking.
Configuration file permissions
If the file permissions on your CMS’ configuration file are set too high, the contents of this file could potentially be exposed – leaking the database details to the world. To prevent this it is recommended you set your file permissions (chmod) to 400 on your configuration php file.
Additionally it is important to only display errors which you actually need; typically for a product website you would prevent any and all errors from printing to your website for visitors. We recommend turning off error_reporting in your php.ini file to avoid showing errors (which may contain your database password) to the world.