Plugin

Protect wp-config.php · Block Direct Browser Access to Config Files

Returns a blank page if anyone loads wp-config.php or common backup filenames directly in a browser — lightweight, zero configuration.

Download file
Version
15.01
Price
Free

Returns a blank page if anyone tries to load wp-config.php or common backup filenames directly in a browser.

What you get

  • Latest stable plugin ZIP from WordPress.org
  • Public source on GitHub for review and contribution
  • GPL v2-licensed code, free for personal and commercial use

Install

  1. Download the ZIP and upload via Plugins → add New → Upload Plugin.
  2. activate from the Plugins screen.
  3. No configuration required.

Source code

The full source lives on GitHub at https://github.com/thisismyurl/protect-wp-config-from-phishing-attacks. Issues and pull requests welcome.

WordPress.org listing

Originally published at https://wordpress.org/shipped/protect-wp-config-from-phishing-attacks/.

Other downloads from this practice

Christopher Ross

Your consultant

Christopher Ross

I lead the work personally, from discovery and architecture through delivery and handoff.

  • Twenty-two years delivering training and nineteen years building with WordPress.
  • Direct delivery for media, education, and federal government programs.

Sectors covered: Media · Education · Government

View profile Get in touch

Ready to put these resources to work?

Grab what you need. When a template hits the wall of your specific situation, book a 20-minute call and I will help you figure out the next move.

Book a 20-min call Browse services