WP Engine Configuration File Detected

Severity: Low

Invicti possibly detected a WP Engine configuration file.


Configuration files often contain lots of sensitive information that are useful to potential attackers if they are exposed. In case of WP Engine, this may include secret cryptographic salts, API keys and even database credentials.


You should manually check and confirm whether the file is indeed a WP Engine configuration file that contains sensitive information. If this is the case, the file must not be publicly accessible. Please make sure that the configuration file can still be read by WP Engine, but can't be accessed directly through your website.

Further Reading#

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works