Closed davidsneighbour closed 8 years ago
The wp-config.php file in question is the one within your local dev environment, i.e. it's on your dev machine or VM.
ok, I thought wp deploy push staging
would upload the whole application directory the server. sorry, first day with this plugin.
As per README.txt I am supposed to enter my SSH username and password into the wp-config.php file. This is an insecure in my opinion and I do not see why I should expose these in a file inside of the WordPress directory. If someone gets access to this file I expose my whole user account, not only that one single installation.
A better approach would be to put those files in a configuration file that's not inside of the folder we are uploading.
A simple way for paranoids like me would be the option to rsync via sshuser and keyfile or putting the configuration options in a separate file outside of the webroot.