Improve WordPress Security by Moving the wp-config.php File
Here’s a quick security tip that will make it nearly impossible for anyone to access your wp-config.php file. Simply move it one directory above your WordPress root.
Example:
Default wp-config.php file location:
public_html/wordpress/wp-config.php
Move it here:
public_html/wp-config.php
Source: For more WordPress security tips, check out the slides from Brad Williams’ WordPress Security presentation at WordCamp Boston 2010.