wp-config.php file backups scan

What It Checks

This scanner checks if your installation contains backed up wp-config.php files like wp-config.bak or wp-config.old. Some attackers will try to find some backed up config files to try to steal them. Prevent this kind of attack simply by removing them.

Why It Matters

Some attackers will try to find some backed up config files to try to steal them. Prevent this kind of attack simply by removing them. Backed up configuration files can contain sensitive information like database passwords and security keys.

What You'll See

Good Status:

• You don't have backed up wp-config files.
• Your backed up wp-config.php file was successfully suffixed with [random name].php.

Bad Status:

• Your installation should not contain this backed up wp-config.php file: [file name]
• Sorry, the backed up wp-config.php file could not be renamed.

How to Fix

Rename all the wp-config.bak/.old files using a random name and still using the .php extension to prevent being downloaded. SecuPress can automatically rename these files to make them inaccessible to attackers while keeping them as backups.

Backed Up Config Files