Moving Your wp-config.php File
With the correct file permissions and a correctly configured web server, keeping your wp-config.php file in the same public folder as the rest of your blog should be perfectly fine. But, when it comes to protecting your website, security is an onion (or Ogre apparently); the more layers, the more of it you got.
The WordPress Codex affirms this sentiment and recommends that you move your wp-config.php away from its default install location. WordPress.org self-hosted blogs allow you to move your wp-config.php up one level from your blog’s root. That’s all well and good, but for most web servers, one level up from your blog root is still a public_html folder. You’re best off putting it in a folder that’s not a subdirectory of your public_html or WWW folder. That way, the chances of someone reaching it via a web browser or any other HTTP application is virtually nil.
Here’s what you do: CLICK HERE FOR INSTRUCTIONS