Protecting the WordPress wp-config.php file is another way to beef up your WordPress security. The WordPress wp-config.php file contains very sensitive information about your WordPress installation, such as the WordPress security keys and the WordPress database connection details. You certainly do not want the content of this file to fall into the wrong hands, so WordPress wp-config.php security is definitely something you should take seriously.
Typically wp-config.php is placed in the core WP folder along with other standard files like wp-settings.php, wp-login.php etc. WordPress also supports a more secure option, where in the wp-config.php can reside on the folder outside your WordPress installation. For example, if your WordPress is installed in the folder `/public_html/` folder, instead of having the file being present as `/public_html/wp-config.php`, you should store it as /wp-config.php. WordPress will intelligently pick up the configuration from this instead.