Every WordPress installation contains a configuration file that holds essential data for your Web site to work. The file, wp-config.php, is located in your WordPress installation directory (see Chapter 4 of this minibook). Simply put, your Web site doesn't work if this file is missing or if the data found within the file is incorrect.
More than likely, you haven't even looked at your wp-config.php file yet because when you download the WordPress software, the file is actually wp-config-sample.php. When you install WordPress, the file is renamed wp-config.php and is populated by WordPress with the following information, some of which you may remember from when you installed WordPress, and some that we explain later in this chapter:
All this information must be present in the wp-config.php file for your installation to work correctly. If WordPress already works on your site, most likely, your wp-config.php file is correct and functioning beautifully. (See Chapter 4 in this minibook for how to install WordPress.)
As you can probably already guess, hackers find the valuable information stored in the wp-config.php file attractive. If someone with nefarious intent were to get your database username and password, ...