Web site running on WordPress has many advantages over other content management systems, and most important is the config.php file, which contains very sensitive information about your installation of WordPress, including database details table prefix and secret keys.
Therefore, this file must be safe from hackers, because they can find valuable information stored in config.php WP file if someone accessed this file, it can get a Web site database username and password, he can log in and undo everything you've built! So to take whatever steps you can provide this file, so nobody can get access to do this, follow these steps:
Josiah Cole wrote a htaccess tutorial on changing your .htaccess to protect wp-config.
Here's the code from the digging into WordPress andWordPress for Dummies:
After you upgrade your wp-config.php, and change file permissions (chmod) on WP config.php to 640.
If you move the file wp-config to unpredictable and change the code, this will create a problem, every time you upgrade WordPress. So, there's a better solution, create a separate PHP file in a location not WWW and add the file WP-Config. On the following link you can find detailed information about how to create a PHP file and add it in a safe place: protect WordPress wp-config.
If you found this post useful or have any questions, please leave your comment below.