Wordpress and other CMS Are easily hacked by SYMLINK We have already protected the server from SYMLINK Protection But as an Additional Security you need to protect your wp-config.php to avoid such attacks

Change the wp-config.php file permission to 400 (Means only the user can read the file and other groups or users can't able to read it)

Add the below line :

Options -Indexes

To your .htaccess file

we recommend you to do this permission 0400 for all your configuration files !

Was this answer helpful? 56 Users Found This Useful (56 Votes)