Modify wp-load.php to search for wp-config.php 2 directories higher
|Reported by:||chipbennett||Owned by:||ryan|
Currently, wp-load.php looks for wp-config.php both in the same directory as wp-load, and also one directory higher. Thus, for the default use case (WordPress installed in a subdirectory, e.g. public_html/wordpress/), wp-config.php can be placed in /public_html/wordpress/ or /public_html/.
Due to security concerns (e.g. the recent Network Solutions wp-config.php hack), it may be advantageous to move wp-config.php above the publicly accessible /public_html/ directory altogether, as such:
Granted, anyone who would go to the trouble of moving wp-config would probably not leave file permissions insecure. Even still, this would provide an extra layer of security for obscuring database credentials.