Be careful with backups of config.php
One big security hole that is all too common with Moodle is to take a backup of the
config.php file and give it a non-php extension e.g.
What this usually does is leave the file visible for viewing by anyone that visits that url e.g.
Because the file is not a PHP script, it will be rendered in plain text by the browser, and therefore expose any sensistive information in
config.php like your database name, database user and password!