/etc/nginx/common/wpcommon.conf why protecting wp-config.txt?

So you have this code in that file:

# Disable wp-config.txt
location = /wp-config.txt {
  deny all;
  access_log off;
  log_not_found off;
}

What’s the purpose of that? I think it should be wp-config.php?

It’s because backup tools or plugins have been known to save a copy of your wp-config.php as wp-config.txt. If this is the case, an attacker could read your WordPress credentials after carrying out a trivial scan.

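An audit for the situation described in the answer, as an added example that is not part of the original thread: it lists stray copies of wp-config.php under a document root and checks whether an nginx config file has an exact-match deny location for each one. It goes beyond wp-config.txt to any wp-config* file that still holds a DB_PASSWORD define; the function names and the COVERED/EXPOSED labels are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Usage: sh audit.sh <docroot> <nginx-conf-file>

# List files under the docroot named wp-config* (except the live wp-config.php
# and the stock wp-config-sample.php) that contain a DB_PASSWORD define.
stray_wpconfig_copies() {
  find "$1" -type f -name 'wp-config*' \
    ! -name 'wp-config.php' ! -name 'wp-config-sample.php' \
    -exec grep -El "define\([[:space:]]*['\"]DB_PASSWORD['\"]" {} + | sort
}

# For each stray copy, report whether the nginx config file contains an
# exact-match "location = /<url path>" block for it, as wpcommon.conf does for
# /wp-config.txt. Prints "<COVERED|EXPOSED> <url path>" per file and returns 1
# if any copy is EXPOSED. Assumes the config file applies to this docroot.
audit_wpconfig_copies() {
  docroot=${1%/}
  conf=$2
  status=0
  copies=$(stray_wpconfig_copies "$docroot")
  [ -n "$copies" ] || return 0
  while IFS= read -r f; do
    url=${f#"$docroot"}   # path as it would be requested over HTTP
    if awk -v u="$url" \
         '$1 == "location" && $2 == "=" && $3 == u { hit = 1 } END { exit !hit }' \
         "$conf"; then
      printf 'COVERED %s\n' "$url"
    else
      printf 'EXPOSED %s\n' "$url"
      status=1
    fi
  done <<EOF
$copies
EOF
  return $status
}

# Run the audit only when both arguments are given on the command line.
if [ "$#" -eq 2 ]; then
  audit_wpconfig_copies "$1" "$2"
fi
```

A COVERED line only means nginx has a deny rule for that exact path; the copy still holds the credentials on disk and is better deleted or moved out of the document root.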