Securing wp-config.php

Add the following at the end of the .htaccess file…

<files wp-config.php>
order allow,deny
deny from all
</files>

Move wp-config.php one level up in the directory tree out of the web server's root directory. Typically this means moving it to the directory above public_html