On 02/07/17 08:22, Jean Valjean wrote:
Well I did take my passwords out of webroot. https://www.mediawiki.org/wiki/Manual:Securing_database_passwords#Keep_MySQL...
That doesn't help. It's trivial to get the MySQL password, you can just do "echo $wgDBpassword", not that it is necessary to do anything that an attacker might want to do.
-- Tim Starling