Secure Wordpress Installations Server-wide (cPanel/WHM) On a Server where You're not using cageFS and proper configurations a user may be able to access the files owned by other users. It has been known that whenever some hacker/intruder gets access to one account on cPanel Server, he tries to gain access to all sites hosted on the server. Most common method is to scan the CMS configuration files which are present on the server. For example hacker scans the wp-config.php files and symlinks these files to view the db information. This can be avoided to keep the permissions of config files so that other linux users are not able to access it. Here is the command which will scan all wp-config.php files on server and changes permissions to 0600. find /home/*/public_html -name "wp-config.php" -type f -exec chmod -v 0600 {} \;