0

Is it okay to put my wordpress config file (containing database name, username, password, etc.) on my GitHub repo if I'm using wordpress with my website? Or is it not secure? Why or why not?

If it's not secure, what steps can I take to not put on GitHub since it's public but at the same time be able to use GitHub as version control for my website and push files to the server?

Improve this question

2 Answers 2

Reset to default
3

No, I would not upload your config file to your repository. Unless it's private, but even then...use caution. As a best practice I only add the theme folder that I am working on into the repository, there really is no need to add Wordpress in its entirety to the repo.

To ignore that file when pushing to your repo add it to your .gitignore (https://help.github.com/articles/ignoring-files/) and it wont be added.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

In addition to using .gitignore to keep your wp-config.php file out of your repo, you can also move it one directory above where you have WordPress installed and WordPress will look for it there.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.