If you have a file that contains sensitive information, such as the username and password for your database, there are two ways you can protect it.
Because PHP accesses files internally, it will ignore the password protection enabled on directories. However, if someone went to access the file directly, they would be prompted for a username and a password.
To set a protected directory:
Place all sensitive files into the password-protected directory, and this should protect your information.
Because there is a Home directory that contains your public_html directory, it is possible to put and connect to files within your Home directory without the file having any access outside of your account.
To place these files:
In your publicly-accessible PHP files (the files within public_html), you then need to change the location of the files in your Home directory, like so:
include(‘/home/sites/yourdomain.com/dbconnect.php’)
Where yourdomain.com is your domain name.
Article ID: 419
Created On: Mon, Mar 16, 2015 at 3:28 PM
Last Updated On: Thu, Apr 23, 2015 at 12:19 PM
Online URL: https://www.heartinternet.uk/support/article/how-do-i-stop-people-from-accessing-the-php-include-file-that-has-the-username-and-password-for-my-database.html