A number of WordPress blogs hosted at Network Solutions were hacked, according to ZDNet. A malicious hacker was able to create a script that scanned for WordPress config files, which contain MySQL database credentials in plain text.
WordPress config files should be readable only by Apache, with permissions of 750. Most users have their permissions set to 755. WordPress users should set their permissions to 750 to avoid being hacked.
Another way of protecting WordPress config files is to use .htaccess. Add the following code to your .htaccess file.
# protect wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>
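To check the permission advice above across a whole hosting account, here is an added example (not code from the original post): a shell script that lists every wp-config.php under a directory that still grants any access to "other" users, and can strip those bits so that 755 becomes 750. The function names, the script name and the directory argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit wp-config.php permissions under a directory tree.
# Function names and arguments are hypothetical, not part of WordPress.

# list_exposed ROOT
# Print each wp-config.php under ROOT that grants read, write or execute
# to "other" users (the last octal digit is not 0, e.g. 755 or 644).
list_exposed() {
    find "$1" -type f -name wp-config.php \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# count_exposed ROOT
# Print how many exposed config files list_exposed finds.
count_exposed() {
    list_exposed "$1" | wc -l | tr -d ' '
}

# harden ROOT
# Remove all "other" bits from each exposed file and leave the owner and
# group bits untouched: 755 becomes 750, 644 becomes 640.
harden() {
    list_exposed "$1" | while IFS= read -r f; do
        chmod o-rwx "$f" && printf 'tightened: %s\n' "$f"
    done
}

# When run as a script: ./audit.sh /path/to/docroot [--fix]
if [ "$#" -ge 1 ]; then
    list_exposed "$1"
    if [ "${2:-}" = "--fix" ]; then
        harden "$1"
    fi
fi
```

After tightening, load the site once to confirm the web server can still read the file; if it cannot, the server is not running as the file's owner or group.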



Good post. More and more companies are looking to WordPress as their CMS system of choice. While I think WordPress is tops!! I would advise people to just take time to ensure they have done everything they can to secure their WordPress website.
I think the standard permission for a file is 644. 755 is usually used as the folder permission.
I’m just curious if 640 would work. Mine is currently set to 660.
640 is actually recommended as documented in the WordPress forum.
If you install mod_fcgid you can set up chmod 600, which is the most secure option. Then the web server is running under the specific user. This is the most secure way for shared hosting services.