Reputation: 4807
Can I place PHP config files securely in a publicly accessible folder?
GoDaddy does not a give FTP root access to my account, meaning I can only access the public_html folder and not the includes folder.
Is there any way I can include the config files in that public folder but somehow make it so only the server can access them in a secure way? How does Wordpress do it?
Upvotes: 0
Views: 420
Answers (3)
Reputation: 1513
Wordpress keeps the config file in the main folder. Just make sure you have a .php extension and you dont echo anything from that. (I know you wont.)
People really cant get the details inside your php file unless you echo something, or the chmod of the file is set wrong so that people may be able to actually download the file.
As xdazz said, you can also restrict access to your config files, but I think its just for MORE protection, and you are still safe without that.
Upvotes: 0
Reputation: 157909
just make sure they have a .php extension.
(and actually contain PHP code of course)
Upvotes: 1
Reputation: 160883
You could use a .htaccess file to restrict Website Access.
Take a look of this article.
Upvotes: 3
Related Questions
- Safe to store PHP files above public directory and load them using require_once?
- Securing a folder on my webserver
- Is there any danger in allowing direct access to PHP files?
- Denying direct access to configuration files
- Secure folder structure for php site
- Private folder in PHP?
- How do I store my website's config file securely?
- Best practice to hide/secure the php-engine config file?
- Secure files with .htaccess
- Hiding PHP Files Outside WWW for Security