I moved the wp-config to the hosting root and put it in a new directory and then I included it from the WordPress directory like so: include("../../my-fast-cars/fast-cars.php"); this gave me white screen of death on admin pages and some other pages, moving wp-config back to the WordPress directory immediately solved it. What could I be doing wrong?
I moved the wp-config to the hosting root and put it in a new directory and then I included it from the WordPress directory like so: include("../../my-fast-cars/fast-cars.php"); this gave me white screen of death on admin pages and some other pages, moving wp-config back to the WordPress directory immediately solved it. What could I be doing wrong?
- Also, there was no problem in moving it up just one level from the WordPress directory. – BootUp Commented Feb 14, 2019 at 16:56
- Most likely because the site was cached, and it wouldn't have continued to work. Why do you need to move it? – WebElaine Commented Feb 14, 2019 at 17:04
- For extra security. No cache was cleared. WordPress automatically looks for wp-config one level up. – BootUp Commented Feb 14, 2019 at 17:42
- I don't see a security need to do that. (And this is more of an opinion, than an answer.) But, for a pro/con discussion of this issue, see wordpress.stackexchange/questions/58391/… . – Rick Hellewell Commented Feb 14, 2019 at 17:54
- @BootUp WP only looks 1 level up, it doesn't look 2 levels up – Tom J Nowell ♦ Commented Feb 14, 2019 at 23:58
2 Answers
Reset to default 3wp-config.php includes files, it's not just a config file, and WordPress isn't built to allow putting the file 2 levels up.
However, WordPress already supports loading wp-config.php from 1 level up.
With all of this in mind though, this is only really a protection if you're worried about mis-configuring your server. Unless PHP execution is turned off, which would be a major issue in of itself, wp-config.php won't leak any information.
this gave me white screen of death on admin pages and some other pages
A WSOD is a HTTP 500 error code, to see the real error message you have to look in the PHP error logs. It's the difference between a plane disappearing, and finding its flight recorder/black box.
wp-config needs to be accessible to the public.. I'm guessing that 2 levels up means above the public_html folder (cpanel) at the /home level. If you found a work around to allow access to it at that level you're potentially compromising security. Best to leave it at the same, or only one level up.