Securing Wordpress

I just set up my own Wordpress server on Ubuntu but I have a question.  How can Wordpress be secure when the database username and password are easily accessible?  Is there a way to protect this information so the site is not compromised?  Mine is just a personal tennis blog but I still don't want it hacked.
LVL 1
Steve BantzIT ManagerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jason C. LevineDon't talk to me.Commented:
Unless your server is returning PHP files as plain text, how is having the connection info in a PHP file any less secure than any other PHP/MySQL application?
Zephyr ICTCloud ArchitectCommented:
Just make sure you're Wordpress folder/file security is set correctly, this way you make sure that you're not making it people too easy to break your site. Wordpress has a nice howto for this here

Mind you, this is just a layer in the onion that is security for webservers and services, there's more you can do, for example, there's plugins that will help you secure your Wordpress installation, like this one.

Then there is also the part of securing your server itself, like fail2ban to block brute force attacks on your ssh login for example, making sure you have your firewall enabled and only allowing access to necessary ports like 80,443,22 or whatnot...
Ray PaseurCommented:
The database username and password should not be accessible to anyone other than the PHP scripts that need them to access the database.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Steve BantzIT ManagerAuthor Commented:
Thanks for all of the replies.  When setting up Wordpress I was just a little spooked that the config file could somehow be downloaded and read.  I will read up on securing my installation further.  I already have complex alpha numeric passwords for everything but I will look at further securing the installation on the Ubuntu server it resides on.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
WordPress

From novice to tech pro — start learning today.