tosbourn

If you store WP code on Github consider your wp-config.php

Something to think about if you store WordPress code on GitHub

Written by Toby Osbourn

  • Jan 2013
  • 135 words
  • Git

If you store WordPress code on Github inside of a public repository all your code is public. Most people know and accept this, but people either don’t realise that their database credentials get stored inside the php file wp-config.php or they do and forget to exclude it from their repository.

This means that if you do a simple Google search for site:github.com master/wp_config.php password blob DB_PASSWORD you will find a whole rake of folk with their passwords on display.

It is impossible to tell if they are just sample details or real details, but it is still crumby practice and if you do it you really need to stop now.

I will be contacting people I find to let them know, but please pass this message on to any WordPress/GitHub users you know.

Recent posts View all

Web Dev

Updating payment method email addresses in Stripe

You can't update the email address associated with a payment method in Stripe via their dashboard, you need to use the Stripe CLI

Jul 2024

Ruby

Irreversible Rails Migrations

What are irreversible migrations and how might we use them to our advantage?

Jul 2024