Title: Renaming wp-config.php ?? Last modified: August 22, 2016 --- # Renaming wp-config.php ?? * [pete_398](https://wordpress.org/support/users/pete_398/) * (@pete_398) * [11 years, 8 months ago](https://wordpress.org/support/topic/renaming-wp-configphp/) * The last few months, we are getting many attempts to view wp-config.php * For example this one .. * /blog/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php * I see there is mention at [http://codex.wordpress.org/Hardening_WordPress#Securing_wp-config.php](http://codex.wordpress.org/Hardening_WordPress#Securing_wp-config.php), on how to ‘secure’ the file by moving it to another path. * What about renaming wp-config.php ? I ran a search on where the file is used .. * /wp-load.php /wp-admin/options-general.php /wp-admin/setup-config.php /wp-admin/ network.php * Any problems with renaming it, apart from it will have to be redone at each update? Viewing 4 replies - 1 through 4 (of 4 total) * [Clayton James](https://wordpress.org/support/users/claytonjames/) * (@claytonjames) * [11 years, 8 months ago](https://wordpress.org/support/topic/renaming-wp-configphp/#post-5383208) * _“wp-admin/admin-ajax.php?action=revslider\_show\_image&img=.”_ * That’s a common attempt to exploit a vulnerability in an particular version of a popular Slider plugin. * A quick explanation of what you’re seeing in your logs, and whether or not it could affect you: [http://wptavern.com/critical-security-vulnerability-found-in-wordpress-slider-revolution-plugin-immediate-update-advised](http://wptavern.com/critical-security-vulnerability-found-in-wordpress-slider-revolution-plugin-immediate-update-advised) * Thread Starter [pete_398](https://wordpress.org/support/users/pete_398/) * (@pete_398) * [11 years, 8 months ago](https://wordpress.org/support/topic/renaming-wp-configphp/#post-5383247) * Thanks for advising about the exploit. I don’t have that plugin, however there may be weaknesses in the plugins I do have, or in WP core itself, to display wp-config.php * I think the best solution for me is to rename the file. * [Clayton James](https://wordpress.org/support/users/claytonjames/) * (@claytonjames) * [11 years, 8 months ago](https://wordpress.org/support/topic/renaming-wp-configphp/#post-5383250) * Renaming the configuration file will cause your site to fail. [Proper permissions – and if you like – properly moving the file and -or- denying access ](http://codex.wordpress.org/Hardening_WordPress#Securing_wp-config.php), is all that’s usually required. * [edit] just an afterthought: a grep on the WordPress archive shows roughly 21 php files that contain ~76 references to `wp-config.php`. I’m sure some of those references are commented, but you can easily see the issue with editing core files. * Thread Starter [pete_398](https://wordpress.org/support/users/pete_398/) * (@pete_398) * [11 years, 8 months ago](https://wordpress.org/support/topic/renaming-wp-configphp/#post-5383251) * Well, I don’t know how I got only 4 references; there are roughly 21 as you say. * Will do the .htaccess tip, lower the perms to 400 or 440 (444 now), and think about moving it outside the web root path. Thanks Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Renaming wp-config.php ??’ is closed to new replies. ## Tags * [wp-config](https://wordpress.org/support/topic-tag/wp-config/) * In: [Hacks](https://wordpress.org/support/forum/plugins-and-hacks/hacks/) * 4 replies * 2 participants * Last reply from: [pete_398](https://wordpress.org/support/users/pete_398/) * Last activity: [11 years, 8 months ago](https://wordpress.org/support/topic/renaming-wp-configphp/#post-5383251) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics