If someone can get into your server, thay have access to everything!
They would have complete control of your files, database, etc. They could do anything.
The way to protect against this would be to be on a quality, secure host/server, and to use strong passwords.
Thread Starter
shix
(@shix)
Thanx, Voodoo.
I always make sure to use strong passwords and do everything else I know how to protect my sites.
This is actually an issue with in-company politics, where I’ve been instructed to protect the files from the people who already have server access info.
..You’re right, off course they would have access to everything.
I guess my question is: is there a way to hide, or password protect say the containing folder, wp-config, theme files and/or the database so that only certain people can have access to them?
That is a server configuration question, and not really related to WordPress.
If they have access to the entire server, there is no way for you to block it – unless you have full control over how the server is configured.
It depends on what access they have, etc. Accounts can be limited to various areas on the server, various DBs, etc, but again, that is beyond the scope of what we can help with here.
You can’t password protect most WordPress core files as that effectively locks WP out of accessing its own scripts in some situations. You will find some info in protecting the wp-admin folder on Hardening_WordPress plus a wealth of other ideas that you could use (such as monitoring file changes).
With regard to databases, it really depends on how the server has been configured. Anyone who has root access via Phpmyadmin, for example, would have access to your database, so you could point out that a lot of this does depend – not on WordPress – but on the way in which the servers are configured and their access controlled.
