Securing Your Passwords

Most people have their MySQL connection strings and other important data in a config/functions file in the main public_html directory. One badly set permission, or even a server glitch, can cause this file to become exposed leaving it vulnerable to direct attack via URL. The solution? Ensure the file cannot be accessed via URL by uploading sensitive data to the root directory (note: not all hosts allow this, GoDaddy being one of them):

Take your typical MySQL connection string:
mysql_connect ('localhost', 'username', 'password');
..and change it to:
@require_once('/home/host-username/connectiondata.php');
mysql_connect ('localhost', USER, PASS);

(where host-username is your login name.)

Create a file called connectiondata.php and upload it above the public_html directory with the following contents:
<?php
define("USER", "your-username");
define("PASS", "your-password");
?>

Replace your-username with your MySQL username (usually your hosting account name followed by an underscore and a name of your choice) and your-password with your connection password.

And BellaBook..?

You can do the same thing for BellaBook! Open config.php and replace the following lines:
$admin_name = "your-username"; // admin username
$admin_pass = "your-password"; // admin password

..with:
@require_once('/home/host-username/connectiondata.php');
$admin_name = BB_USER; // admin username
$admin_pass = BB_PASS; // admin password

Edit/create connectiondata.php and add to it:
<?php
define("BB_USER", "username");
define("BB_PASS", "password");
?>

Don’t forget to change username and password to the username and password you’ve been using! (You may need to clear out your cookies and log-in again after making these changes.)

Comments

  1. Thanks for this :) I had no idea. If I’m using WordPress, where would I find this?

Speak Your Mind

*