WordPress uses a configuration file named wp-config.php, which contains your database name and password in it, as well as other data such as your table prefix and your secret auth keys (as of WordPress 2.6). Normally when a user attempts to load wp-config.php directly, they will be faced with a blank page. However, what happens if there is a server problem with PHP which can happen and has happened to many blogs. Then anyone can view your configuration in plain text, which means your database password [...]