How to Secure Your WordPress wp-config.php File
Securing your wp-config.php file should be one of your top WordPress security priorities.
The config file in WordPress contains all the data, (database name, username and password,) a Hacker needs to know to get into your database. Once into your database it is possible to change your data configuration and your passwords, effectively locking you out of your own website. Hiding you config file is a simple task that will take you less than 5 minutes to implement. See video below:-
WordPress lets you place your wp-config.php file one level above the installation folder, so as long as your wordpress is installed in the main public_html (www) directory, you can move it up to your main user directory out of public sight. You can do this in your CPanel file manager or with an FTP program such as Filezilla.
By default the permissions on the config file are set to 664 which allows the public to read the file. Once you have moved it above the www directory it won’t be visible to the visitor but as there is no need for it to be writable, so you can safely change the file permissions to 600.