PHP security

n00b question

         

eman

4:39 am on Jan 9, 2004 (gmt 0)




Hey there guys, I've gotta n00b question for ya.

At the moment, the only PHP files that are in my public_html folder are ones that only have include()s in them to server side code files. All the page coding is kept outside public_html. I did this thinking that if someone hacks my public_html folder, they still can't get to the actual server side code files. But in reality, is that even necessary? If someone hacks your site, they will get everything... making this a useless precaution, right?

Basically, is it a good precaution to keep all your code files outside of public_html or are they just as secure from inside public_html?

Thanks for your help
-EMAN

ergophobe

5:01 am on Jan 9, 2004 (gmt 0)




I would say that files with passwords or information that exposes aspects of the system you don't want exposed should be kept out of web root.

If someone gets full access to your account, they can see all, that's true, but at least HTTP alone won't get them beyond the web root.

Tom

g1smd

11:21 pm on Jan 19, 2004 (gmt 0)




They will need to FTP in to see everything, so keeping sensitive files above the web root is the right thing to do.

Even the non-sensitive include files can do that, as then they will not be independently spidered by search engines, and you won't have to rely on a robots.txt file to suggest that they stay out.
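
An added example, not part of the original thread: a small Python audit for the layout discussed above, which reports any `.php` or `.inc` file under the web root that contains more than include/require statements, or whose include target itself sits inside the web root. The directory names, file names and sample contents are constructed for illustration, and relative include paths are assumed to resolve against the stub's own directory.

```python
import re
import tempfile
from pathlib import Path

# A public stub may contain only include/require (optionally _once) of a literal path.
INCLUDE_STMT = re.compile(
    r"""^(include|require)(_once)?\s*\(?\s*(['"])(?P<target>[^'"]+)\3\s*\)?$""")
# Heuristic comment stripping: does not account for // or # inside string literals.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
PHP_TAGS = re.compile(r"<\?php|<\?|\?>")

def audit_stub(path, web_root):
    """Return findings for one PHP file that lives under the web root."""
    findings = []
    source = PHP_TAGS.sub("", COMMENTS.sub("", path.read_text(errors="replace")))
    # Assumption: a relative include path is resolved from the stub's directory.
    for stmt in filter(None, (s.strip() for s in source.split(";"))):
        m = INCLUDE_STMT.match(stmt)
        if m is None:
            findings.append(f"code other than an include: {stmt[:40]!r}")
        elif (path.parent / m["target"]).resolve().is_relative_to(web_root):
            findings.append(f"include target is inside web root: {m['target']}")
    return findings

def audit_web_root(web_root):
    """Map each offending file (relative to the web root) to its findings."""
    web_root = Path(web_root).resolve()
    report = {}
    for path in sorted(web_root.rglob("*")):
        if path.is_file() and path.suffix.lower() in {".php", ".inc"}:
            findings = audit_stub(path, web_root)
            if findings:
                report[str(path.relative_to(web_root))] = findings
    return report

def build_sample_tree(base):
    """Constructed sample: public_html/ with a private code/ directory beside it."""
    pub, code = Path(base) / "public_html", Path(base) / "code"
    pub.mkdir()
    code.mkdir()
    (code / "page.php").write_text("<?php $db_pass = 'example'; echo 'hi';")
    (pub / "index.php").write_text("<?php include('../code/page.php'); ?>")
    (pub / "db.inc").write_text("<?php $db_pass = 'example';")
    (pub / "news.php").write_text("<?php // stub\nrequire_once 'db.inc';\n")
    return pub

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_web_root(build_sample_tree(tmp)))
```

In the sample tree, `index.php` passes because it only pulls in code from outside the web root, while `db.inc` and `news.php` are reported.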