Jethost’s Help Center


Protect wp-config.php File with JetHost Total Care

The wp-config.php file is one of the most important files in your WordPress installation. It contains your database credentials, secret keys, and configuration settings. If this file becomes accessible, your entire site is at risk. That’s why the JetHost Total Care protect wp-config.php setting exists to block public access and keep your site safe.

Why You Should Protect wp-config.php

By default, WordPress puts wp-config.php in the root of your site. Although most servers block direct access, that’s not guaranteed. If a visitor or bot can open this file, they may see everything they need to take over your site.

Enabling this setting helps you:

  • Prevent external access to sensitive configuration data
  • Block one of the most common hacking targets
  • Add another line of defense without touching server files

Even if your host has security rules in place, it’s smart to add protection at the WordPress level too.

What Is wp-config.php and Why It’s Critical

The wp-config.php file stores critical data:

  • Database name, user, and password
  • Authentication keys and salts
  • Paths, debug settings, and other overrides

If someone gains access to this file, they can potentially connect to your database, inject malicious code, or lock you out of your own site. That’s why hiding it from public access is a top priority.

How to Protect wp-config.php with JetHost Total Care

To control autosave using JetHost Total Care:

1. Log in to your WordPress dashboard.
2. Open the JetHost Total Care section from the sidebar.
3. In the tab Security, look for the setting labeled Protect wp-config.php file.
4. Toggle the switch to turn it on.

JetHost Total Care protect wp-config.php

JetHost Total Care saves the change automatically when you toggle the setting.

JetHost Total Care Security setting updated

What Happens After You Enable the Setting

Once enabled, JetHost Total Care blocks direct access to wp-config.php. If someone tries to open it via URL, they’ll get a denial message or blank page, depending on your server configuration.

Meanwhile, WordPress continues to use the file internally so your WordPress website keeps running as normal, just with less exposure.

JetHost Experts Tip

If you’re securing a live site, this should be one of the first settings you turn on. It’s invisible to your visitors but critical for keeping control over your site.

Need More Help?

The JetHost Total Care protect wp-config.php setting adds a strong layer of protection around one of WordPress’s most sensitive files. With just one click, you can block one of the most common entry points attackers look for. Take a look at more WordPress security guides to stay ahead of common issues.

Back to help