Sucuri one of the best security web based tools, said that WordPress is the most widely known and widely used CMS by far, and the core platform is among the most secure of all. Two things work against WordPress’ security, however. The first is its popularity. WordPress is the world’s most widely-used content platform, accounting for not only over 60% of the market share among CMS, but over a third of the entire internet.
But, one of methods that commonly used by hacker for hacking the CMS WordPress is XSS (Cross-Site Scripting) method. Where hacker can gain access to the wp-config.php file and got the information of accessing database that can be used to manipulate website data, including changing the admin password.
So, we are as the owner of the website have to have a knowledge for securing our website, from the simplest thing, we move the wp-config.php to another more secure folder, which is, etc folder.
Here are the steps for moving the wp-config.php file to the etc folder :
1. Enter to the CPANEL
2. Go to File Manager, and Click It
3. Copy the wp-config.php file to the /etc folder, by right clicking – copy etc folder
4. Make sure that the wp-config.php file has been copied in the /etc folder
5. Change the original wp-config.php file that was copied earlier, with the following code:
include('/home/usernamecpanel/etc/wp-config.php');
Customize usernamecpanel with your cPanel domain username.
DONE..
6. This tip is only one way to improve your wordpress, there are many way to improve… Googling….