Recently moved my wordpress site to another hosting provider and after importing my database I had issues establishing a database connection. I edited wp-config file and entered my DB_PASSWORD to re-establish a database connection. This fixed my connections problems, but now I would I have a password that I would like to encyrpt. How can I go about doing this.
WP-CONFIG.PHP
/** MySQL database password */
define('DB_PASSWORD', 'my_none_encrypted_password');
Recently moved my wordpress site to another hosting provider and after importing my database I had issues establishing a database connection. I edited wp-config file and entered my DB_PASSWORD to re-establish a database connection. This fixed my connections problems, but now I would I have a password that I would like to encyrpt. How can I go about doing this.
WP-CONFIG.PHP
/** MySQL database password */
define('DB_PASSWORD', 'my_none_encrypted_password');
- 1 And what’s the point of doing that? – Krzysiek Dróżdż Commented Dec 2, 2018 at 23:04
- The thought of a database password in plain text in a file was bothering me mostly because I just switched hosting providers and the PHP files were downloading instead of executing... which has now been fixed. I don't know much about .htaccess files, but I suspect it could have been missing the handler for .php – Eggs Commented Dec 3, 2018 at 0:12
- not clear your question for me . – vikrant zilpe Commented Dec 3, 2018 at 6:31
1 Answer
Reset to default 1Encrypting the DB-Password in the wp-config.php is of no use, neither in your use-case nor in any other.
What is encrypted, has to be decryptable by the system in order to access the database, which means if an attacker is able to get your wp-config.php, he can get everything he needs to decrypt the encrypted password.
For your use case (preventing wp-config to be downloadable if the php-handler is not set), you can put your wp-config.php in a folder that is not accessible by web. Further information can be found here.