Did you read a tutorial that asks you to edit your wp-config file, and you have no idea what it is? Well we’ve got you covered. In this article, we will show you how to properly edit the wp-config.php file in WordPress.
What is wp-config.php File?
As the name suggests, it is a configuration file that is part of all self-hosted WordPress sites.
Unlike other files, wp-config.php file does not come built-in with WordPress rather it’s generated specifically for your site during the installation process.
WordPress stores your database information in the wp-config.php file. Without this information your WordPress website will not work, and you will get the ‘error establishing database connection‘ error.
Apart from database information, wp-config.php file also contains several other high-level settings. We will explain them later in this article.
Since this file contains a lot of sensitive information, it is recommended that you don’t mess with this file unless you have absolutely no other choice.
But since you’re reading this article, it means that you have to edit wp-config.php file. Below are the steps to do it without messing things up.
Video Tutorial
If you don’t like the video or need more instructions, then continue reading.
Getting Started
First thing you need to do is to create a complete WordPress backup. The wp-config.php file is so crucial to a WordPress site that a tiny mistake will make your site inaccessible.
You will need an FTP client to connect to your website. Windows users can install WinSCP or SmartFTP and Mac users can try Transmit or CyberDuck. An FTP client allows you to transfer files between a server and your computer.
Connect to your website using the FTP client. You will need FTP login information which you can get from your web host. If you don’t know your FTP login information, then you can ask your web host for support.
The wp-config.php file is usually located in the root folder of your website with other folders like /wp-content/.
Simply right click on the file and then select download from the menu. Your FTP client will now download wp-config.php file to your computer. You can open and edit it using a plain text editor program like Notepad or Text Edit.
Understanding wp-config.php file
Before you start, let’s take a look at the full code of the default wp-config.php file. You can also see a sample of this file here.
<?php
/**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the
* installation. You don't have to use the web site, you can
* copy this file to "wp-config.php" and fill in the values.
*
* This file contains the following configurations:
*
* * MySQL settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* @link https://codex.wordpress.org/Editing_wp-config.php
*
* @package WordPress
*/
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');
/** MySQL database username */
define('DB_USER', 'username_here');
/** MySQL database password */
define('DB_PASSWORD', 'password_here');
/** MySQL hostname */
define('DB_HOST', 'localhost');
/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');
/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
/**#@-*/
/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = 'wp_';
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* For information on other constants that can be used for debugging,
* visit the Codex.
*
* @link https://codex.wordpress.org/Debugging_in_WordPress
*/
define('WP_DEBUG', false);
/* That's all, stop editing! Happy blogging. */
/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');
Each section of wp-config.php file is well documented in the file itself. Almost all settings here are defined using PHP Constants.
define( 'constant_name' , 'value');
Let’s take a closer look at each section in wp-config.php file.
MySQL Settings in wp-config.php File
Your WordPress database connection settings appear under ‘MySQL Settings’ section of the wp-config.php file. You will need your MySQL host, database name, database username and password to fill in this section.
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');
/** MySQL database username */
define('DB_USER', 'username_here');
/** MySQL database password */
define('DB_PASSWORD', 'password_here');
/** MySQL hostname */
define('DB_HOST', 'localhost');
/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');
/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
You can get your database information from your web hosting account’s cPanel under the section labeled databases.
If you cannot find your WordPress database or MySQL username and password, then you need to contact your web host.
Authentication Keys and Salts
Authentication unique keys and salts are security keys that help improve security of your WordPress site. These keys provide a strong encryption for user sessions and cookies generated by WordPress. See our guide on WordPress Security Keys for more information.
/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
/**#@-*/
You can generate WordPress security keys and paste them here. This is particularly useful if you suspect your WordPress site may have been compromised. Changing security keys will logout all currently logged in users on your WordPress site forcing them to login again.
WordPress Database Table Prefix
By default WordPress adds wp_ prefix to all the tables created by WordPress. It is recommended that you change your WordPress database table prefix to something random. This will make it difficult for hackers to guess your WordPress tables and will save you from some common SQL injection attacks.
/** * WordPress Database Table prefix. * * You can have multiple installations in one database if you give each * a unique prefix. Only numbers, letters, and underscores please! */ $table_prefix = 'wp_';
Please note that you cannot change this value for an existing WordPress site. Follow the instructions in our how to change the WordPress database prefix article to change these settings on an existing WordPress site.
WordPress Debugging Mode
This setting is particularly useful for users trying to learn WordPress development, and users trying experimental features. By default WordPress hides notices generated by PHP when executing code. Simply setting the debug mode to true will show you these notices. This provides crucial information to developers to find bugs.
define('WP_DEBUG', false);
Absolute Path Settings
The last part of wp-config file defines the absolute path which is then used to setup WordPress vars and included files. You don’t need to change anything here at all.
/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');
Useful wp-config.php Hacks and Settings
There are some other wp-config.php settings that can help you troubleshoot errors and solve many common WordPress errors.
Changing MySQL Port and Sockets in WordPress
If your WordPress hosting provider uses alternate ports for MySQL host, then you will need to change your DB_HOST value to include the port number. Note, that this is not a new line but you need to edit the existing DB_HOST value.
define( 'DB_HOST', 'localhost:5067' );
Don’t forget to change the port number 5067 to whatever port number is provided by your web host.
If your host uses sockets and pipes for MySQL, then you will need to add it like this:
define( 'DB_HOST', 'localhost:/var/run/mysqld/mysqld.sock' );
Changing WordPress URLs Using wp-config.php File
You may need to change WordPress URLs when moving a WordPress site to a new domain name or a new web host. You can change these URLs by visiting Settings » General page.
You can also change these URLs using wp-config.php file. This comes handy if you are unable to access the WordPress admin area due to error too many directs issue. Simply add these two lines to your wp-config.php file:
define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');
Don’t forget to replace example.com with your own domain name. You also need to keep in mind that search engines treat www.example.com and example.com as two different locations (See www vs non-www – Which one is better for SEO?). If your site is indexed with www prefix then you need to add your domain name accordingly.
Change Uploads Directory Using wp-config.php
By default WordPress stores all your media uploads in /wp-content/uploads/ directory. If you want to store your media files in someother location then you can do so by adding this line of code in your wp-config.php file.
define( 'UPLOADS', 'wp-content/media' );
Note that the uploads directory path is relative to the ABSPATH automatically set in WordPress. Adding an absolute path here will not work. See out detailed guide on how to change default media upload location in WordPress for more information.
Disable Automatic Updates in WordPress
WordPress introduced automatic updates in WordPress 3.7. It allowed WordPress sites to automatically update when there is a minor update available. While automatic updates are great for security, but in some cases they can break a WordPress site making it inaccessible.
Adding this single line of code to your wp-config.php file will disable all automatic updates on your WordPress site.
define( 'WP_AUTO_UPDATE_CORE', false );
See our tutorial on how to disable automatic updates in WordPress for more information.
Limit Post Revisions in WordPress
WordPress comes with built-in autosave and revisions. See our tutorial on how to undo changes in WordPress with post revisions. However, if you run a large site revisions can increase your WordPress database backup size.
Add this line of code to your wp-config.php file to limit the number of revisions stored for a post.
define( 'WP_POST_REVISIONS', 3 );
Replace 3 with the number of revisions you want to store. WordPress will now automatically discard older revisions. However, your older post revisions are still stored in your database. See our tutorial on how to delete old post revisions in WordPress.
We hope this article helped you learn how to edit wp-config.php file in WordPress and all the cool things you can do with it. You may also want to see our article on 25+ extremely useful tricks for WordPress functions file.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
Priyanshu Nandi says
Which code lines l have to type to increase
Max_input_vars value in this file
WPBeginner Support says
That would require changes to your htaccess or a different file, we would recommend reaching out to your host for assistance with what you’re wanting to do.
Admin
WPBeginner Support says
Thank you, glad you liked our article
Admin
S.s. Brar says
Great article. A must have information for WP admins.
Thanks to Syed and His Team.
WPBeginner Support says
Glad our article could be helpful
Admin
Mister No says
Hi there, great article. I’m having a problem with my website mobile version. When I try to open it on the mobile phone it says “This site is experiencing technical difficulties”.
What should I do to make my site work again properly?
Thanks in advance
WPBeginner Support says
There are a few possible reasons you could be receiving that error, for a starting point you would want to take a look at our guide here: https://www.wpbeginner.com/beginners-guide/beginners-guide-to-troubleshooting-wordpress-errors-step-by-step/
Admin
Paul says
Syed, all of a sudden, I can’t upload images (message: missing a temporary folder). Tried to log into WordPress to check support blogs and my username is not recognised.
WPBeginner Support says
For that error, you would want to take a look at our guide here: https://www.wpbeginner.com/wp-tutorials/how-to-fix-missing-a-temporary-folder-error-in-wordpress/
Admin
Gale says
I am a newbie at wordpress. I uploaded the files via Filezilla and got everything configured. Now how exactly do I actually access my new wp-blog site?
Wp is in the root (public_html) of my website. There were several other file folders that came with Wp. Do I upload them into the public_html folder as well?
WPBeginner Support says
If you’re installing WordPress using FTP then you would want to take a look at our guide here:
https://www.wpbeginner.com/how-to-install-wordpress/#installftp
Once the site is set up you would want to go to your login page and log in with the user you created in the installation process:
https://www.wpbeginner.com/beginners-guide/how-to-find-your-wordpress-login-url/
Admin
Esther says
Hi, I found out when I was installing WordPress, it was installed in subdirectory Wp and has a result my website can’t go live, my web host said I have to uninstall and install again and I should leave the Wp in the Installation panel blank, my problem is that I have designed the website only to go live and once I uninstall everything will be wiped off, what do I about it, Is there a way to avoid that?
WPBeginner Support says
If your host requires the site to be in the main directory, you would want to follow the steps in the WordPress coded to move directories on your existing server
Admin
Mina says
Hi,
Thank you for the useful article.
I’m new to this file and I have a basic question. I changed the cache plugin of my site and I need to change the line about it at the beginning of the file to override details of the previous plugin.
Once my file is updated, can I upload it while the cache plugin is activated, and deactivate/reactivate it just after, or do I have to deactivate the plugin before uploading the new wp-config file ?
Thanks for your help.
WPBeginner Support says
If your plugin is requiring you to edit your wp-config file you would normally want to edit the wp-config file before activating your new plugin.
Admin
Tiar says
hi, i have a wordpress site, i want edit my wordpress site in local, but when i already backup and run my wordpress in local. the page is full of white. can you help me ? im beginner in wordpress
WPBeginner Support says
For moving your live site to a local installation, you would want to use the guide here: https://www.wpbeginner.com/wp-tutorials/how-to-move-live-wordpress-site-to-local-server/
Admin
Arthur says
I have updated my website (lostkatanning.com) o WP 5.1 (the Gutenberg update) but now, when working on pages or posts it has slowed right down to a crawl and takes forever to respond to even a single key touch. I have tried numerous things from various websites but nothing seems to work. It is starting to do my head in! Any ideas on how to get my speed back?
WPBeginner Support says
Hi Arthur,
You can disable the Gutenberg by installing the classic editor plugin to temporarily solve the problem.
Admin
mostafa says
Hi
I have a wordpress site. Today I realized my wp-config.php file has been removed for no reason (The reason is not important for me right now).
I want to know what happens if I create another wp-config.php file in the root directory of my website by renaming the wp-config-sample.php file again and set the database name blah blah blah
does it affect my pages and posts? How about the users who have signed up to my website? does it remove them? If the answer is yes, isn’t it better for me to restore backup? The only problem for restoring backup is that it is for two days ago and I posted a new content yesterday and I will miss it.
Thank you very much in advance
WPBeginner Support says
Your user and post information is in the database so that information shouldn’t be affected, as long as you connect it to your correct database then there shouldn’t be any change.
Admin
Deepak says
Hello,
How do I edit wp-config for setting other smtp using WP smtp plugin ?
Plugin says, “The password is stored in plain text. We highly recommend you setup your password in your WordPress configuration file for improved security; to do this add the lines below to your wp-config.phpfile.
define( ‘WPMS_ON’, true ); define( ‘WPMS_SMTP_PASS’, ‘your_password’ ); ”
Where do I exactly add the code ? It don’t shown in tutorial video or article of Wpbeginner.
WPBeginner Support says
Hi Deepak,
You can add this code just before the line that says ‘That’s all, stop editing! Happy blogging’ in your wp-config.php file.
Admin
Riyaz says
Thank you for sharing this article, it was simple and easy to understand.
Gaurav Bhatnagar says
Hi, I just updated my WordPress to new version manually using FileZilla. My website was working. But then, I did some update inside wp-config.php file. Now the size of that file on server has become ‘0’. Even if I update it from local PC, it still remains ‘0’. What should I do? Now website is not working. I am getting – HTTP Error 500
WPBeginner Support says
Hi Gaurav,
You can download a fresh copy of WordPress and extract it on your computer. Inside it you will find a wp-config-sample.php file. You can upload this file to your server and rename it to wp-config.php. You will now need to edit wp-config.php file and enter your WordPress database information.
Admin
Gaurav Bhatnagar says
It worked. Thank you.
Greg Bryant says
I have an intranet-based wordpress site that I’m setting up. I’m having issues with the proxy configuration in wp-config.php. I’ve tried about everything I know and I still keep getting ‘Proxy Authentication Required” errors.
define(‘WP_PROXY_HOST’, ‘https://proxy.domain.com’);
define(‘WP_PROXY_PORT’, ‘3128’);
define(‘WP_PROXY_USERNAME’, ‘domain\\username’);
define(‘WP_PROXY_PASSWORD’, ‘xxxxxx’);
define(‘WP_PROXY_BYPASS_HOSTS’, ‘localhost’);
Our internal wordpress site can detect that there are new versions of plug-ins but when I try to update I get the proxy authentication error. I’ve tried the variables above with https, http, just proxy.domain.com, the username escaping the \, not escaping the backslash, etc. I looked at the code in class-wp-http-proxy.php and it appears the authentication connects the username with a : and then the password like the http(s)_proxy environment variable. I’ve tried local host for the bypass and an empty string. Our Windows domain uses an file; is there a place to specify this?
I get the same proxy authentication errors trying to download anything from the internal wordpress site.
Error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.) in /var/www/epkb.mw-process-ctrl.com/public_html/wp-admin/includes/plugin-install.php on line 168
I’m also having an issue with php’s file_get_contents if that’s something wordpress uses. cURL works fine.
Any ideas?
Thanks
WPBeginner Support says
Hi Greg,
Please make sure that your localhost environment has curl extension installed and enabled for PHP. Please see our guide on how to fix secure connection error in WordPress for more details.
Admin
Greg Bryant says
I have curl installed.
It lists ipV6 as yes but I have ipV6 disabled since our network doesn’t support it.
I think the problem is authenticating with our proxy. On the server I use:
(the \ is escaped when setting the env variables). Above is my wp-content proxy settings.
I’m using ufw for my firewall and have tried with it enabled & disabled with the same results.
Any other ideas?
Thanks
WPBeginner Support says
Hi Greg,
We are not sure. You can post on WordPress.org forums may be someone who has faced similar situation can help out.
Jon M says
Do the changes take effect immediately after saving the new wp-config file?
WPBeginner Support says
Hey Jon,
Yes, they are effectively immediately. However, if you are editing wp-config file in a text editor on your computer, then simply saving your changes may not change the wp-config.php file on your server. You will need to upload the changed wp-config.php file back to your server for changes to take effect.
Admin
Andy says
What’s the best way to upload the changed wp-config.php file back to the server?
Can the tutorial be updated with how to upload the adjusted config file? The tutorial seems to be incomplete for the (relative) novice
WPBeginner Support says
Hi Andy,
We have linked to our article on how to use FTP to upload WordPress files. It also applies to editing your wp-config.php file. You can simply download your wp-config.php file to your computer using FTP. Edit it to make your desired changes and then upload it back using the same FTP client.
Hope this helps.
ayush says
I did something silly , i removed the www part from wp site url under Setting-General . Now admin panel is getting redirected to wordpress one. i used your steps to copy both lines with modification and uploaded via ftp . No luck .Plz help
Boris says
Excellent post. I am a newbie and learned a lot.
I have an issue with my site. It looks like I have been hacked. I ran WordFence scan and it caught a line of code in my wp-config.php file that it flagged as not belonging there. Following is the code:
My question is this. Can I remove the "@include…" from the file without screwing up the .php file.
Any guidance will be appreciated.
WPBeginner Support says
Hi Boris,
Is the file part of the core WordPress software, a plugin, or a theme? If yes, then download a fresh copy of WordPress core, plugins, or theme the file belongs to and then upload the new file.
You can also download the file to your computer before editing the code as a backup. If anything goes wrong you can then upload it back.
Admin
Saud Razzak says
Great post, glad I read.
Steph says
I’m having problems accessing site. I debugged and am getting a list of problems but most seem to come back to this one:
“Notice: get_settings is deprecated since version 2.1.0!
Use get_option() instead. in /usr/local/pem/vhosts/xxxxxx/webspace/siteapps/WordPress-xxxxx/htdocs/wp-includes/functions.php on line 3752″
But line 3752 reads:
” trigger_error( sprintf( __(‘%1$s is deprecated since version %2$s! Use %3$s instead.’), $function, $version, $replacement ) ); ”
So i’ve no idea what to replace. I’m sure this is 101 stuff to you, but I’m really confused!! I would really appreciate your advice, thank you.
Steph says
Found your section on disabling plugins – which was a great help as the the site is now viewable whilst I try to resolve. This is the message I see now when logged in WP Admin
” Catchable fatal error: Argument 1 passed to Genesis_Admin_CPT_Archive_Settings::__construct() must be an instance of stdClass, instance of WP_Post_Type given, called in /usr/local/pem/vhosts/xxxxxx/webspace/siteapps/WordPress-xxxxxx/htdocs/wp-content/themes/genesis/lib/admin/menu.php on line 122 and defined in /usr/local/pem/vhosts/xxxxxx/webspace/siteapps/WordPress-xxxxxx/htdocs/wp-content/themes/genesis/lib/admin/cpt-archive-settings.php on line 38 ”
Am in a spot of bother and could really use your help – thank you!
WPBeginner Support says
Hey Steph,
Try updating your Genesis child theme. Connect to your website using FTP and download your child theme as a backup. After that delete child theme folder from your website.
Next, download a fresh copy of the theme and install it. If this doesn’t work, then try updating Genesis core itself.
Admin
Hell Men says
If i delete salt key can i decrypt wordpress password ?
Sean says
Hi,
I did something silly and now can’t get my site to work. Basically I kept my site live at said URL example.com and created a folder where I built the WordPress site example.com/Wordpress. However when I went to put the wordpress site into the root folder after backing everything up I forgot to change the site URL in the dashboard. i basically then removed my entire site and copied everything from the wordpress site into the root URL. It didn’t work – so I thought I would remove everything and restore my site as it was with both the wordpress and the normal site working.
However once I restored all the files the wordpress site now errors with 404 Page not found and I can’t login into the dashboard either.
Any idea how I can restore this? I think it is looking in the root directory and WordPress folder for the site or something similar and it’s causing the error – but how do I fix it?
Thanks
Sean
WPBeginner Support says
Hi Sean,
You can update WordPress URLs by adding this code to your wp-config.php file:
define('WP_HOME','http://example.com');define('WP_SITEURL','http://example.com');
Admin
Dan says
Hello i would like to have it when i upload an image it gets uploaded to my cloud from wordpress.
i got a url & api key.
Any suggestions would be cool. thanks.
Eeswar Reddy says
Best site for WordPress Beginners. Solved my blog problem simply. Thank u so much Sir…
WPBeginner Support says
You are welcome
Don’t forget to join us on Twitter for more WordPress tips and tutorials.
Admin
Karl says
Nice instructions, as far as they go. However, I know it is ALSO possible to edit wp-config.php directly through WordPress’ Admin area but it seems to be a closely guarded secret as to HOW to actually do this. I do not have FTP access to my site so I have to use some other method and I’d rather not go chasing down the rabbit hole of trying out various flaky plugins until I find one that actually works. Your assistance as to what menu drill-down to explore in WordPress Admin would be greatly appreciated.
WPBeginner Support says
It is not a good idea to edit wp-config.php file inside WordPress admin area. One tiny mistake and you will be locked out of your WordPress site. If you do not have FTP access, you can try editing it via cPanel’s file manager.
Admin
Angela says
I don’t want to sound stupid, but please help me understand… are the wp-config.php changes supposed to be made on my Mac or on the host for my website. They are two different machines.
Please help! I keep making changes to my web site and all of a sudden they just do not ‘take’.
Best regards,
Angela
WPBeginner Support says
You can make changes to wp-config.php file using an FTP client. It allows you to edit files on your web server. After connecting to your website using an FTP client, you need to locate wp-config.php file and download it to your computer. Make changes it to it using a text editor like TextEdit. Save your changes and then upload the file back to your web server using the FTP client.
Admin
Sharron says
Ok, so I added define(‘WP_ALLOW_REPAIR’, true); to my downloaded wp config file with notepad. Now what?
Ray says
Once you have done that, you can see the settings by visiting this URL on your blog:
yoursite.com/wp-admin/maint/repair.php
You have 2 buttons
1st – Repair Database
2nd – Repair and Optimize Database
I suggest u click the 1st one and wait for the process to finish.
John Johnson says
CODA is an FTP Client as well. Correct?
PiNo says
Hi,
For security I add to my .htaccess
<files wp-config.php>
order allow,deny
deny from all
</files>
Kind regards