So, if in the email subject or message would be present JennCria’s Blog words, for example, client output will be JennCria's Blog. This is an email bug!

To fix this email bug you can find a patch on WordPress Trac or, if you wish, you can download our WordPress 2.8.4 function wp-mail Patch.

Now you can download, free of charge! WordPres 2.8.4 wp_mail Patch, downloaded 15 times.

You have to modify one file:

/.htaccess

Preface

You are going to modify the .htaccess file, stored in the same directory of your WordPress wp-config.php file!

1. Backup

so, first of all, backup it and don’t forget to check what you did!

2. Modify .htaccess

You have to add four lines in your /.htaccess file. Below you can see the lines to add:

…
<files wp-config.php>
Order deny,allow
deny from all
</files>
….

That’s all!

What do you have to do if your ISP does not allow you to store files to a higher level than your WordPress root directory? Read .htaccess WordPress – wp-config.php Protection to get the solution!

What do you have to do if your ISP allows you to store files to a higher level than your WordPress root directory but you have more than a blog on the same inside level? Well, you reached the right place!

Security hack described below works with WordPress starting from 2.6 release as reported by WordPress Codex.

The idea started while I was reading this article, so I decided to improvement it.

You have to copy and duplicate one file:

/wp-config.php

and you have to modify another one file:

/wp-load.php

1. Backup

so, first of all, backup them and don’t forget to check what you did!

2. Copy, Duplicate & Rename

Copy your WordPress wp-config.php outside your WordPress root Directory then duplicate and rename it. Now, outside your WordPress directory, you should have:

…
wp-config.php
blogname-config.php
….

3. Modify wp-load.php

You have to modify two lines in your WordPress wp-load.php file. Below is how it looks now, before to apply the security patch:

…
if ( file_exists( ABSPATH . ‘wp-config.php’) ) {
 /** The config file resides in ABSPATH */
 require_once( ABSPATH . ‘wp-config.php’ );
} elseif ( file_exists( dirname(ABSPATH) . ‘/wp-config.php’ ) && ! file_exists( dirname(ABSPATH) . ‘/wp-settings.php’ ) ) {
 /** The config file resides one level above ABSPATH but is not part of another install*/
 require_once( dirname(ABSPATH) . ‘/wp-config.php’ );
} else {
….

Below is how it looks after you applied the security patch (the lines in bold are modified lines):

…
if ( file_exists( ABSPATH . ‘wp-config.php’) ) {
 /** The config file resides in ABSPATH */
 require_once( ABSPATH . ‘wp-config.php’ );
} elseif ( file_exists( dirname(ABSPATH) . ‘/blogname-config.php’ ) && ! file_exists( dirname(ABSPATH) . ‘/wp-settings.php’ ) ) {
 /** The config file resides one level above ABSPATH but is not part of another install*/
 require_once( dirname(ABSPATH) . ‘/blogname-config.php’ );
} else {
….

4. Delete wp-config.php files

Now you can delete yours WordPress wp-config.php files: one of them is inside your WordPress root directory, the other is outside your WordPress root directory. Don’t delete your brand new blogname-config.php file!

That’s all!