You can protect your
wp-config.php in WordPress if you have access and your server support
Just make a little addition to your
.htaccess as following:
<File wp-config.php> order allow, deny deny from all </File>
Malicious people will have an harder life in order to get hold of your
wp-config.php file, which contains really sensitive information.
Try this out on a test installation first just to avoid funny surprises in case you have some sort of special configuration.