Use a simple trick to make your WordPress installation more secure. All you have to do is change the location of your WordPress configuration file.
Wordpress stores your database details (database name, user name, password and host name) in the “wp-config.php” file found in the root directory of the WordPress installation. Along with all other files, this file also resides in the public directory (~/home/user/public_html) of your Cpanel. Keeping the file in the public folder makes it easier for hackers to inject malware or delete your site by compromising your configuration settings.
You can protect your configuration file by using a little trick. WordPress automatically knows to look for your “wp-config.php” file one directory level up than the installation folder. So, by taking out your file from public_html directory and moving it to the private user directory will make it more secure.
Note: This trick will not work if your blog is installed in a sub-directory (domain.com/blog) or as a add-on domain (add-on.domain.com).
Source: Flickr Link
