report/security/report security check configrw
It’s important that you CHMOD (set permissions) on config.php as read-only. Typically this means setting it to 644, or in some cases 444.
If you cannot do this with your FTP software, try using the File Manager supplied with your web hosting account. Simply navigate to the file you want to alter permissions for, then click on the File Properties link/button and set permissions.
If you’re using a Windows server, simply set the file as Read-Only for Everyone.