Access WP-Config.php Credentials

  • Resolved DuckSportsFan

    (@ducksportsfan)


    7 years, 1 month ago

    Update suggestion: I happen to store all my WP credentials in a file outside my public_html directory…to provider greater security… I call this file from the wp-config.php file, to load php variables for the credentials. For example,

    require( dirname( __FILE__ ) . ‘../../../.PFF/files.conf’ );
    /** The name of the database for WordPress */
    define(‘DB_NAME’, $ep);
    /** MySQL database username */
    define(‘DB_USER’, $user);
    /** MySQL database password */
    define(‘DB_PASSWORD’, $pswd);
    /** MySQL hostname */
    /*define(‘DB_HOST’, ‘localhost’);*/
    define(‘DB_HOST’, $host);
    /*WordPress Database Table prefix.
    $table_prefix = $ep_pre;

    It would be nice if you could address this method, and perhaps provide fields for us to define each credential with a variable name, so you can read them, and advise us to use them for this purpose if we are utilizing this method.

    The reason I do this, primarily, is because I have 12+ web sites I manage, and it’s very easy to manage admin credentials from just one file. I know you understand the concept. I hope this turn a light on for ya! Thank you for an excellent WP plugin!

    The page I need help with: [log in to see the link]

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    You can do that with the help of the NinjaFirewall undocumented $wp_config variable. But you will need to make a small adjustment to your code:

    1. You must add to your “files.conf” the following 5 directives (replace X’s with the proper values):

    <?php
define('DB_NAME', 'xxxx');
define('DB_USER', 'xxxx');
define('DB_PASSWORD', 'xxxx');
define('DB_HOST', 'x.x.x.x');
$table_prefix  = 'xx_';

    2. In the “wp-config.php” file from each blog, comment them out.

    3. Add the require( dirname( __FILE__ ) . ‘../../../.PFF/files.conf’ ); to each “wp-conf.php” file. FYI, you can use __DIR__ instead of dirname( __FILE__ ) which is a bit faster ??

    4. Create a “.htninja” file for each blog, and add the following code:

    <?php
/*
 +===================================================================+
 | NinjaFirewall optional configuration file                         |
 |                                                                   |
 | See: https://nintechnet.com/ninjafirewall/wp-edition/help/?htninja|
 +===================================================================+
*/

$wp_config = '/full/path/to/files.conf';

    NinjaFirewall will notice the “$wp_config” variable and will use it instead of the “wp-config.php”.

    Plugin Author nintechnet

    (@nintechnet)

    I’m thinking that that will load the same DB credentials and prefix for each blog, which is not good obviously.

    You will need to make small changes to my previous code. For instance:

    1. In the “wp-config.php” for “domain01.com” you could have:

    
require( dirname( __FILE__ ) . ‘../../../.PFF/files.conf’ ):
load_credentials("domain01.com");

    2. In your “files.conf”:

    <?php

function load_credentials( $domain ) {

   global $table_prefix; // Important!

   if ( $domain == "domain01.com" ) {
		
      // domain01.com credentials: 
      define('DB_NAME', 'xxxx');
      define('DB_USER', 'xxxx');
      define('DB_PASSWORD', 'xxxx');
      define('DB_HOST', 'x.x.x.x');
      $table_prefix  = 'xx_';

   } elseif ( $domain == "domain02.com" ) {

      // domain02.com credentials:
      define('DB_NAME', 'xxxx');
      define('DB_USER', 'xxxx');
      define('DB_PASSWORD', 'xxxx');
      define('DB_HOST', 'x.x.x.x');
      $table_prefix  = 'xx_';

   } elseif ( $domain == "domain03.com" ) {

      // domain03.com credentials:
      ...
      ...
   }
}
    • This reply was modified 7 years, 1 month ago by nintechnet.
    Plugin Author nintechnet

    (@nintechnet)

    Forget my second post, it won’t work if you are running NinjaFirewall in “Full WAF” mode!

    Thread Starter DuckSportsFan

    (@ducksportsfan)

    Thanks! Yes, like I said, I maintain multiple web sites… I gues a simple solution would be to create separate “XX_files.conf” files for each domain…at least they’d be all in one spot to modify. Here’s an example of my “fies.conf” contents:

    
<?
/** set timezone for server */
date_default_timezone_set('America/Los_Angeles');

/** vars for server */
$path = "/home/xxxcom/public_html";

/** vars for database credentials */
$host	 		= "localhost";
$user 			= "xxxx";
$pswd 			= "xxxx";

/** vars for MySQL databases */
$ep		 	= "xxxx_estateplanningmap";
$rea	 		= "xxxx_reagentmap";
$pro	 		= "xxxx_theseminarpros";
$ref	 		= "xxxx_refractivemap";
$scheduler		= "xxxx_kdunnscheduler";
$calendar		= "xxxx_kdunncalendar";

/** vars for database table prefixes  */
$ep_pre 		= "wp_xxxx_";
$rea_pre 		= "wp_xxxx_";
$aaoapa_pre 		= "wp_xxxx_";

?>
    Plugin Author nintechnet

    (@nintechnet)

    The problem is that NinjaFirewall does not load the “wp-config.php” (it can’t otherwise that would load WordPress as well), hence it reads it line by line and looks for “define(‘DB_NAME’, ‘xxx’);” etc to get the DB credentials.

    The simplest solution is as per my first example, but using one configuration file per site and having the “$wp_config” pointing to the corresponding one. Somehow, it is also a bit safer because right now, all your DB credentials are accessible from one site i.e., the whole file is loaded and it includes all DBs password.

    Thread Starter DuckSportsFan

    (@ducksportsfan)

    Yes, I use only one database password for all sites. I change the random 13 alpha-numeric string every year…so my setup makes it easy. Oh, by the way, I have one main domain on bluehost and all other domains are “addon” domains, which each domain root resides as a directory in the root of the main domain… So my hidden config file is accessible to all my domains.

    With your first suggestion, I’ll have to create a separate “hidden” config file, which is doable, and easier than maneuvering around to each directory for my domains when I want to change the password.

    Thanks for your help with this issue.

    @nintechnet @ducksportsfan
    Great job!

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Access WP-Config.php Credentials’ is closed to new replies.