
Protecting the WordPress Configuration File

Updated today

The “wp-config.php” file is a WordPress configuration file that contains important information about the database connection and other configuration options.

It is an essential file for the operation of a WordPress site and is located in the root directory of the WordPress installation.

By default, every WordPress installation created with Installatron in cPanel at Sered protects this file. An .htaccess file restricts access to wp-config.php and to other critical WordPress files and directories, with the following content:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
<Files wp-config.php>
<IfModule !mod_authz_core.c>
order allow,deny
deny from all
</IfModule>
<IfModule mod_authz_core.c>
require all denied
</IfModule>
</Files>

You can view these rules in the .htaccess file located in the directory where WordPress is installed.

If this file does not appear, verify that you have enabled the option to display hidden files in your hosting account.

After enabling it, the “.htaccess” file should appear. Otherwise, you will need to create it manually and add the content specified in this guide.
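
After creating or editing the file by hand, it is worth confirming that every protection from this guide is still in place. The following Python check is an added example, not part of the original guide or of Installatron; the names audit_htaccess, FORBIDDEN and DENY are hypothetical, and it assumes the flat layout shown above (no nested IfModule blocks).

```python
import re

# The rule set from this guide, embedded as sample input.
GUIDE_RULES = r"""<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
<Files wp-config.php>
<IfModule !mod_authz_core.c>
order allow,deny
deny from all
</IfModule>
<IfModule mod_authz_core.c>
require all denied
</IfModule>
</Files>"""

# Patterns the guide blocks with the [F] (forbidden) flag.
FORBIDDEN = [r"^wp-admin/includes/", r"^wp-includes/[^/]+\.php$",
             r"^wp-includes/js/tinymce/langs/.+\.php", r"^wp-includes/theme-compat/"]
# Deny directive expected in each IfModule branch of <Files wp-config.php>.
DENY = {"legacy": "deny from all", "authz_core": "require all denied"}

def audit_htaccess(text):
    """Return the protections from the guide that are missing from `text`."""
    lines = [l.strip() for l in text.splitlines() if l.strip() and not l.strip().startswith("#")]
    blocked, denied, in_files, branch = set(), set(), False, None
    for line in lines:
        low = line.lower()
        rule = re.match(r"RewriteRule\s+(\S+)\s+-\s+\[([^\]]*)\]", line, re.I)
        if rule and "F" in rule.group(2).upper().split(","):
            blocked.add(rule.group(1))  # only rules that actually forbid count
        elif re.match(r'<files\s+"?wp-config\.php"?\s*>', low):
            in_files = True
        elif low == "</files>":
            in_files = False
        elif low.startswith("<ifmodule"):  # "!" marks the branch without mod_authz_core
            branch = "legacy" if "!mod_authz_core" in low else "authz_core" if "mod_authz_core" in low else None
        elif low == "</ifmodule>":
            branch = None
        elif in_files and branch and " ".join(low.split()) == DENY[branch]:
            denied.add(branch)  # directive sits in the branch where it takes effect
    missing = ["RewriteRule " + p for p in FORBIDDEN if p not in blocked]
    return missing + ["wp-config.php: " + DENY[b] for b in DENY if b not in denied]
```

To audit a real file, pass its contents to the function, for example `audit_htaccess(open(".htaccess").read())`; an empty list means nothing from the guide is missing.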
