The first and the easier is to make the configuration file not accessible from the web due to #75.
The more difficult part is to resolve the multiple personality issues the file has. While it is stated in its name that it is a config file, it actually also bootstrapping core. This by itself makes it harder for users which have no familiarity with the kinks of the file to change configuration as placing the change in a wrong place in the file might lead to it being ignored with no notice.
What we are going to do is to keep the wp-config.php file, but keep in it only a comment which refers the reader to .wp-config.php.
For people that are upgrading from WordPress by overwriting the core files we will keep doing it the old way for a long time if we can not detect the .wp-config.php file.
The text was updated successfully, but these errors were encountered:
Too much documentation in WordPress land instructs people to make changes to wp-config.php so instead of renaming it just going to add .htaccess rule to deny direct access to it (which is what changing to .wp-config.php was supposed to achieve)