You can protect your wp-config.php
in WordPress if you have access and your server support .htaccess
.
Just make a little addition to your .htaccess
as following:
<File wp-config.php> order allow, deny deny from all </File>
Malicious people will have an harder life in order to get hold of your wp-config.php
file, which contains really sensitive information.
Try this out on a test installation first just to avoid funny surprises in case you have some sort of special configuration.