WordPress and other CMS Are easily hacked by SYMLINK We have already protected the server from SYMLINK Protection But as an Additional Security you need to protect your wp-config.php to avoid such attacks
Change the wp-config.php file permission to 400 (Means only the user can read the file and other groups or users can't able to read it)
Add the below line :
Options -Indexes
To your .htaccess file
we recommend you to do this permission 0400 for all your configuration files !
Regards.