hi
tonight i saw some thing wierd on users with which keyword came to my site
some one typed “http://mysite.com/wp-config.php” in google for seeing my site,does he wana hack my site?what i should to do?
That would be my guess. That file has your password and other configuration details in it. You need to make sure your file permissions are set correctly, and that your htaccess is configured appropriately. I just tried my test install the same way, and I got no response from it, just a blank page.
3 Likes
It might be a good idea to read all of this page
1 Like
This file contains your Database username and password.
It is not accessible by outside visitors, since Wordpress has ensured that their core files are unreadable unless accessed via FTP/Cpanel.
1 Like
so why some one searched this on google?
i denyed every one visit to wp-config.php with .htaccess…
They saw it and accessed that URLs. But most likely they didn’t see anything. Probably a blank page. This is what you call a false-positive.
1 Like
Probably searching for insecure WP installs to exploit. I regularly find rquests for WP admin and config files showing up in my 404 logs. I don’t use WP (hence the 404s), so I assume these are automated programmes just searching for potential security holes.
1 Like
Yes, it is most likely a bot probing than it is anyone specifically targeting your site.
If you look at your logs you will probably find other requests made for non-existent files.
For example, some plugins even require permissions to be set to 777 in order to “work”
There are sites that publish known vulnerabilities.
Good in that others can take steps to fix or remove the vulnerability.
Bad in that script-kiddies will look for sites with the vulnerability.
2 Likes
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.