How to not expose password in wp-config as plain text

Recently Wordfence cleaned up my site and has asked me to do this:
Root access passwords should be very strong and never exposed as plain text.
I am not sure this is done. I am assuming you type the 'DP PASSWORD' as a variable and store the variable in some secure location on the server. If that's correct, then please advise how this can be done.

  • Pawel
    • Staff

    Hello Alim!

    I hope you're well today and thank you for reaching out to us!

    I think that it rather means that it's discouraged to use root user as the database user for a WordPress installation. Usually, you would set up a separate user and database for each WordPress site so that there is no security hole. Normal users like this can only access their own databases, so in the worst case any damage is limited to one site's tables. With root, besides someone being able to hack in and access the root password (which usually is the same for the database and server's admin), the possible damage done by malicious code can affect the entire database and server configuration.

    In this case, I would rather encourage you to create a new database user, give him the permissions to this one site and update the wp-config accordingly.

    As for the solution you presented - I think that might work to disallow access through browser, but it's not as good as simply changing the user to one with less permissions.

    Hope that helps!

    Kind regards,
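
The separate, limited database user described in the reply above, as an added example that is not part of the original thread. It assumes MySQL or MariaDB and an administrator session; the database name `wp_site1`, the user `wp_site1_user` and the password placeholder are hypothetical.

```sql
-- Added example: assumes MySQL/MariaDB, run as a database administrator.
-- wp_site1, wp_site1_user and the password are hypothetical placeholders.

-- 1. One database per WordPress site.
CREATE DATABASE IF NOT EXISTS wp_site1
  CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

-- 2. One account per site, reachable only from the web server host.
CREATE USER IF NOT EXISTS 'wp_site1_user'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';

-- 3. Privileges scoped to that one database only: no global (*.*) grants,
--    no GRANT OPTION, and no server-level rights such as FILE or SUPER.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP
  ON wp_site1.* TO 'wp_site1_user'@'localhost';

-- 4. Check the result: the account should hold nothing on *.* beyond USAGE,
--    and its only other grant should be the one on wp_site1.*.
SHOW GRANTS FOR 'wp_site1_user'@'localhost';

-- 5. Audit: list every account that holds any global privilege, so that
--    application accounts running with root-like rights stand out.
SELECT DISTINCT grantee
  FROM information_schema.user_privileges
 WHERE privilege_type <> 'USAGE'
 ORDER BY grantee;

-- 6. wp-config.php then references the new account instead of root:
--      define( 'DB_NAME',     'wp_site1' );
--      define( 'DB_USER',     'wp_site1_user' );
--      define( 'DB_PASSWORD', 'REPLACE_WITH_LONG_RANDOM_PASSWORD' );
--      define( 'DB_HOST',     'localhost' );
```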
