Manual:Securing database passwords

= LocalSettings.php = LocalSettings.conf contains MySQL database passwords, and the WikiSysop passwords. Verify that apache can gain access to this file, and only administrators have access to this file when logged in.

Fix
Check with your distro for what the apache user is. chown apache mediawikifolder chgrp apache mediawikifolder chmod o-rxw mediawikifolder (removes the access rights from other) (probably repeat with g-rxw ... for LocalSettings.php ) make sure that u has r and x (or chmod 600 LocalSettings.php)

= PHP breakage security problems = If your php breaks, it will serve LocalSettings.php as a regular file, giving the world your WikiSysop password!

Fix
(may break elsewhere!)     Order allow,deny Deny from all Allow from none   Order deny,allow Allow from all  