c10b10 / wp-cli-deploy

A WP-Cli command that allows you to deploy the local database or uploads directory to a remote server using ssh.

Security: put SSH user and password (or complete configuration) into external file #23

Closed davidsneighbour closed 8 years ago

davidsneighbour commented 8 years ago

As per README.txt I am supposed to enter my SSH username and password into the wp-config.php file. This is insecure in my opinion and I do not see why I should expose these in a file inside of the WordPress directory. If someone gets access to this file I expose my whole user account, not only that one single installation.

A better approach would be to put those files in a configuration file that's not inside of the folder we are uploading.

A simple way for paranoids like me would be the option to rsync via sshuser and keyfile or putting the configuration options in a separate file outside of the webroot.

davenaylor commented 8 years ago

The wp-config.php file in question is the one within your local dev environment, i.e. it's on your dev machine or VM.

davidsneighbour commented 8 years ago

OK, I thought wp deploy push staging would upload the whole application directory to the server. Sorry, first day with this plugin.