diff --git a/admin.php b/admin.php
index 6ac705a..adc1f72 100644
--- a/admin.php
+++ b/admin.php
@@ -15,7 +15,7 @@
   $random_salt = generate_salt($permitted_chars);
   $password_hash_method = "sha256";
 
-  $pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+  $pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
   $query = "SELECT id, name, authentication_algorithm FROM users;";
 
   if (isset($_GET['action'])) {
diff --git a/config/instance.conf b/config/instance.conf
new file mode 100644
index 0000000..812ebd5
--- /dev/null
+++ b/config/instance.conf
@@ -0,0 +1,4 @@
+domain_name=threadr.lostcave.ddnss.de
+threadr_dir=/threadr
+db_username=webstuff
+db_password=Schei// auf Pa$$w0rter!
diff --git a/config/names.conf b/config/names.conf
deleted file mode 100644
index cbdde76..0000000
--- a/config/names.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-domain_name=threadr.lostcave.ddnss.de
-threadr_home=/threadr
diff --git a/macros/pass3_install-config.json b/macros/pass3_install-config.json
index 36c8b97..792e05f 100644
--- a/macros/pass3_install-config.json
+++ b/macros/pass3_install-config.json
@@ -1,5 +1,7 @@
 {
-  "DOMAIN_NAME":["exec","sed --quiet \"/domain_name=/s/.*=//p\" config/names.conf"],
-  "CONTENT_DIR":["exec","sed --quiet \"/threadr_home=/s/.*=//p\" config/names.conf"],
+  "DOMAIN_NAME":["exec","sed --quiet \"/domain_name=/s/.*=//p\" config/instance.conf"],
+  "CONTENT_DIR":["exec","sed --quiet \"/threadr_dir=/s/.*=//p\" config/instance.conf"],
+  "DB_PASSWORD":["exec","sed --quiet \"/db_password=/s/.*=//p\" config/instance.conf"],
+  "DB_USERNAME":["exec","sed --quiet \"/db_username=/s/.*=//p\" config/instance.conf"],
   "ABOUT_PAGE":["file","config/about.template"]
 }
diff --git a/threadr/board/board.php b/threadr/board/board.php
index 1b1d82f..50eb25b 100644
--- a/threadr/board/board.php
+++ b/threadr/board/board.php
@@ -1,5 +1,5 @@
 <?php
-$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+$pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
 $statement = $pdo->prepare("SELECT * FROM posts WHERE board_id=:bid ORDER BY post_time asc");
 $statement->execute(array("bid"=>$id));
 foreach($statement->fetchAll() as $ROW) {
diff --git a/threadr/board/index.php b/threadr/board/index.php
index 912eec0..5bdbd33 100644
--- a/threadr/board/index.php
+++ b/threadr/board/index.php
@@ -28,7 +28,7 @@ $id=$_GET['id'];
       <div class="item-1">
         <h1><center>
           <?php
-          $pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+          $pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
           $error = false;
           $error_message = "";
           if (!$error) {
diff --git a/threadr/boards/index.php b/threadr/boards/index.php
index f3d0068..0b63e94 100644
--- a/threadr/boards/index.php
+++ b/threadr/boards/index.php
@@ -22,7 +22,7 @@ $navbar="boards";
         <div class="item-2">
           <ul class="list">
             <?php 
-              $pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+              $pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
               $error = false;
               $error_message = "";
               if (!$error) {
diff --git a/threadr/login/redirect.php b/threadr/login/redirect.php
index 9e20fb5..12a93ce 100644
--- a/threadr/login/redirect.php
+++ b/threadr/login/redirect.php
@@ -2,7 +2,7 @@
 session_start();
 %PLEAZE_NO_CACHE%
 
-$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+$pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
 $statement = $pdo->prepare('SELECT id, authentication_algorithm, authentication_salt, authentication_string FROM users WHERE name = :username;');
 $result = $statement->execute(array('username' => $_POST['username']));
 if ($statement->rowCount() > 0) {
diff --git a/threadr/profile/index.php b/threadr/profile/index.php
index e7f3047..073c339 100644
--- a/threadr/profile/index.php
+++ b/threadr/profile/index.php
@@ -5,7 +5,7 @@ session_start();
 %NO_CHEAP_SESSION_STEALING%
 %REQUIRE_LOGIN%
 
-$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+$pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
 $error = false;
 $error_message = "";
 if (!$error) {
diff --git a/threadr/signup/verify-email/index.php b/threadr/signup/verify-email/index.php
index a74f0de..135a456 100644
--- a/threadr/signup/verify-email/index.php
+++ b/threadr/signup/verify-email/index.php
@@ -25,7 +25,7 @@
   $password_salt = generate_salt($permitted_chars);
   $password_hash_method = "sha256";
 
-  $pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+  $pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
   //$statement = $pdo->prepare('');
 $navbar = "verify-email";
 ?>
diff --git a/threadr/userhome/index.php b/threadr/userhome/index.php
index e86746d..5db9fbc 100644
--- a/threadr/userhome/index.php
+++ b/threadr/userhome/index.php
@@ -5,7 +5,7 @@ session_start();
 %NO_CHEAP_SESSION_STEALING%
 %REQUIRE_LOGIN%
 
-$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+$pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
 $error = false;
 $error_message = "";
 if (!$error) {