Where to put the `.db` file?

[impopular-guy]

Putting the wpsqlite.db in the root is probably a security risk.

I haven't checked what the default position is but by default it should be somewhere else where unauthorised users can't reach it like where MySQL would keep its data.

Protecting it with htaccess also means nothing as htaccess files can be replaced with malicious htaccess easily. It is very easy to hack wordpress.

[denisgolius]

Putting the wpsqlite.db in the root is probably a security risk.

I haven't checked what the default position is but by default it should be somewhere else where unauthorised users can't reach it like where MySQL would keep its data.

Protecting it with htaccess also means nothing as htaccess files can be replaced with malicious htaccess easily. It is very easy to hack wordpress.

yep, interesting to know where to store this file

[kkarpieszuk]

I am just browsing the source code and looking at this I see it expects the file to be placed in wp-content/database/

also, as you can see you can define DB_DIR and I would try to provide the full path to directory level up from public_html and place the db there. It should work (although I didn't test)

[impopular-guy]

@kkarpieszuk that may be the only decent choice here. wp-content is probably the worst place. In my past experience I have seen shared hosting servers getting hacked to severe level where hackers are able to access public_html and above and infiltrate other wordpress installations if present.