How do I stop people from accessing the PHP include file that has the username and password for my database?

If you have a file that contains sensitive information, such as the username and password for your database, there are two ways you can protect it.

Password Protection

Because PHP accesses files internally, it will ignore the password protection enabled on directories.  However, if someone went to access the file directly, they would be prompted for a username and a password.

To set a protected directory:

1. Log into your eXtend Control Panel
2. Click ‘Password Protection’
3. Enter in the name of the directory you want to create
4. Enter in a username
5. Enter in a password
6. Click ‘Add Protection’
7. The directory will be created and will be password-protected

Place all sensitive files into the password-protected directory, and this should protect your information.

Root Directories

Because there is a Home directory that contains your public_html directory, it is possible to put and connect to files within your Home directory without the file having any access outside of your account.

To place these files:

1. Log into your eXtend Control Panel
2. Click ‘File Manager’
3. Upload the files into your Home directory

In your publicly-accessible PHP files (the files within public_html), you then need to change the location of the files in your Home directory, like so:

include(‘/home/sites/yourdomain.com/dbconnect.php’)

Where yourdomain.com is your domain name. 

Article ID: 419
Created On: Mon, Mar 16, 2015 at 3:28 PM
Last Updated On: Thu, Apr 23, 2015 at 12:19 PM

Online URL: https://www.heartinternet.uk/support/article/how-do-i-stop-people-from-accessing-the-php-include-file-that-has-the-username-and-password-for-my-database.html