report/security/report security check configrw
From MoodleDocs
It's important that you CHMOD (set permissions) on config.php as read-only. Typically this means setting it to 644, or in some cases 444.
If you cannot do this with your FTP software, try using the File Manager supplied with your webhosting account. Simply navigate to the file you want to alter permissions for, then click on the File Properties link/button and set permissions.
If you're using a Windows server, simply set the file as Read-Only for Everyone.
See also
- Using Moodle Security and Privacy forum