Returns a blank page if anyone tries to load wp-config.php or common backup filenames directly in a browser.
What you get
- Latest stable plugin ZIP from WordPress.org
- Public source on GitHub for review and contribution
- GPL v2-licensed code, free for personal and commercial use
Install
- Download the ZIP and upload via Plugins → Add New → Upload Plugin.
- Activate from the Plugins screen.
- No configuration required.
Source code
The full source lives on GitHub at https://github.com/thisismyurl/protect-wp-config-from-phishing-attacks. Issues and pull requests welcome.
WordPress.org listing
Originally published at https://wordpress.org/shipped/protect-wp-config-from-phishing-attacks/.
Other downloads from this practice
- WordPress Nofollow Plugin. Auto-add nofollow, target=_blank, and noopener to external links.
- Site Kit Portal Pin. Preserve Google Site Kit OAuth across staging-to-production clones.