Manual:Securing database passwords

= LocalSettings.php = LocalSettings.conf contains MySQL database passwords, and the WikiSysop passwords. Verify that apache can gain access to this file, and only administrators have access to this file when logged in.

Fix
Check with your distro for what the apache user is. chown apache mediawikifolder chgrp apache mediawikifolder chmod o-r-x-w mediawikifolder (I think this is the command) (probably repeat with g-r-x-w ... for LocalSettings.php ) make sure that u has r and x

= PHP breakage security problems = If your php breaks, it will serve LocalSettings.php as a regular file, giving the world your WikiSysop password!

Fix
(may break elsewhere!)     Order allow,deny Deny from all Allow from none   Order deny,allow Allow from all  