config directory should probably be .config

[markkap]

Since it is placed in the wp-content directory which is exposed to the web it should be easily identified as something for which access is denied. At least in calmPress by the default .htaccess is going to block access to all . (dot) files and directories

[markkap]

Thinking about it some more, I am not sure that having it under wp-content is a good decision as in this case you need to know where it is located before you read the configuration and therefore you either need to define WP_CONTENT_DIR before the configuration can be read or just ignore its value when looking for the configuration