Default WordPress configuration file which is also known as wp-config.php is an important file for your WP installation. It holds sensitive information of your site including the database, it’s users name and password. Needless to say that protecting this file from unauthorized access is one of the most important part to ensure the security of your WP based website.
Securing WordPress with .htaccess.
One way to increase the security of your wp-config.php file could be using .htaccess file and denying all the external access to this file using the following lines.
All you have to is to download the .htaccess (if your server supports it) file on your computer and open it up with your HTML editor. Then simply copy the following lines and paste it at the very beginning of your .htaccess file. Save the file and upload it back to your server.
<files wp-config.php> order allow,deny deny from all </files>
Another important thing that you can do is to change the file permission for .htaccess from your FTP client software (i.e. FileZilla). Once the file is uploaded to your FTP server simply press the right button of your mouse and select the “File Permission” option. “Change the file attribute”