Hiding WordPress database config

  • jason_hayes

    (@jason_hayes)


    1 week, 2 days ago

    I need to use the “set environment variable” for sensitive information like the database password and salt keys but I’m not sure how– is there any info or a plugin?

Viewing 8 replies - 1 through 8 (of 8 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    1 week, 2 days ago

    It’s inaccessible and safe.

    Moderator threadi

    (@threadi)

    1 week, 2 days ago

    I’m not sure if I understand the question correctly. The database connection details and salts are always stored in the wp-config.php file. The contents of this file are not publicly accessible and are therefore secure. But what do you mean by “is there any info or a plugin?”?

    Thread Starter jason_hayes

    (@jason_hayes)

    1 week, 2 days ago

    I guess they want the password for the database stored in a .conf file on the server and use this to fetch it

    // Example: Setting the database name using an environment variable
    define( ‘DB_NAME’, getenv(‘DB_NAME’) ?: ‘default_database_name’ );

    // Example: Setting a custom API key
    define( ‘MY_API_KEY’, getenv(‘MY_API_KEY’) );

    Thread Starter jason_hayes

    (@jason_hayes)

    1 week, 2 days ago

    They said to usecthis:


    ServerName example.com
    DocumentRoot /var/www/html

    # Set your variables here
SetEnv DB_NAME "my_database_name"
SetEnv DB_USER "my_user"
SetEnv DB_PASSWORD "my_secure_password"
SetEnv WP_ENVIRONMENT_TYPE "development"

<Directory /var/www/html>
    AllowOverride All
    Require all granted
</Directory>

    and add this to wp-config.php:

    define( ‘DB_NAME’, getenv(‘DB_NAME’) );
    define( ‘DB_USER’, getenv(‘DB_USER’) );
    define( ‘DB_PASSWORD’, getenv(‘DB_PASSWORD’) );

    // Optional: Set the environment type (local, development, staging, production)
    if ( getenv(‘WP_ENVIRONMENT_TYPE’) ) {
    define( ‘WP_ENVIRONMENT_TYPE’, getenv(‘WP_ENVIRONMENT_TYPE’) );
    }

    Moderator threadi

    (@threadi)

    1 week, 2 days ago

    Who are “they”? What requirements are you going by here?

    Thread Starter jason_hayes

    (@jason_hayes)

    1 week, 2 days ago

    I’m building g a wordpress website for someone and they want it secured like that. It seems pretty straight forward. But I thought there mighr be a security plugin that does this for me. I don’t think a plugin could get root access though. I have root access

    • This reply was modified 1 week, 2 days ago by jason_hayes.
    Moderator threadi

    (@threadi)

    1 week, 2 days ago

    Okay, now we have some context for your issue.

    But no, there’s no plugin for that. As you described above, you have to configure it manually. Since what you wrote seems to be a quote, I suspect you’re not entirely sure what you need to do?

    Since I don’t do this often either, I just tested it myself. It’s actually two steps:

    1) You need to add these entries to your Apache virtual host configuration:

    SetEnv DB_NAME "my_database_name"
    SetEnv DB_USER "my_user"
    SetEnv DB_PASSWORD "my_secure_password"
    SetEnv WP_ENVIRONMENT_TYPE "development"

    2) In wp-config.php, you need to adjust this (don’t add anything! The constants are already there):

    define( 'DB_NAME', getenv('DB_NAME') );
    define( 'DB_USER', getenv('DB_USER') );
    define( 'DB_PASSWORD', getenv('DB_PASSWORD') );

    If, for example, the current entry is:

    define( 'DB_NAME', 'my_database_name' );

    you need to replace the value with the value of the variable, like this:

    define( 'DB_NAME', getenv('DB_NAME') );

    This worked perfectly on my test system.

    If you don’t have virtual host configurations in Apache, you need to enter the information in the central configuration file. The name of this file depends on the server structure.

    If you’re using a tool like cPanel, Plesk, ispconfig, or similar for server administration, you may need to enter the information elsewhere in that tool. The support documentation or manual for these tools will help you with this.

    If you’re using an nginx server instead of Apache, a completely different configuration would be needed for step 1. The nginx manual should help with this.

    Thread Starter jason_hayes

    (@jason_hayes)

    1 week, 1 day ago

    Awesome. I’ll have to figure out what file to add the information to the “Apache virtual host configuration” and I’ll have to look for it. I’m sure there’s documentation for WHM/cPanel that will help me find which one to edit. I’m using Cloudlinux9 with Apache.

    Thanks!

    • This reply was modified 1 week, 1 day ago by jason_hayes.
Viewing 8 replies - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.