Is it secure to keep my web pages (PHP pages) inside the public_html folder on a production server?

This is my first PHP project and I'm going to make it online very soon. Recently I have read some articles about not keeping the PHP scripts inside the public folder, because if the server is not configured correctly PHP scripts might be visible as pure text, and that is a big security concern if those scripts have sensitive information (like DB credentials etc.). But I believe I shouldn't be concerned, as my PHP pages mainly consist of multiple include/require statements. Here is an example:

home.php

<?php
// Configuration and shared code are loaded from the resources folder
require_once('…/resources/app_config.php');
require_once('…/resources/includes/functions.php');
require_once('…/resources/includes/header.php');
?>
<body>
The body elements…
</body>
<?php
require_once('…/resources/includes/footer.php');
?>

Here is the directory structure of my project:

resources
|___ app_config.php
|___ includes
|    |___ functions.php
public_html
|___ css_dir
|___ js_dir
|___ images_dir
|___ index.php
|___ home.php
|___ profile.php

So my question is: should I be concerned about moving my PHP pages out of the public folder, or is there nothing to be concerned about? Thank you.

#php #apache #security

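An added example, not part of the original post: a shell audit to run against the docroot before going live. It lists PHP files under public_html with secret-like lines (what a visitor could read if Apache served PHP as text) and backup copies, which Apache serves as text even when PHP works. The pattern list, function names and the constructed sample tree are assumptions.

```shell
#!/bin/sh
# Strings that suggest a secret in PHP source (assumed list; extend it for your app).
SECRET_RE='(password|passwd|db_pass|api_key|secret|mysqli_connect|new PDO)'

# List PHP files under DOCROOT that contain secret-like lines. These are what a
# visitor could read if Apache stopped handing .php files to the interpreter.
secrets_in_docroot() {
    find "$1" -type f -name '*.php' -exec grep -ilE "$SECRET_RE" {} + || true
}

# List backup/editor copies of PHP files. Their name no longer ends in .php, so
# Apache serves them as plain text even when PHP is working correctly.
stray_copies() {
    find "$1" -type f \( -name '*.php.bak' -o -name '*.php~' \
        -o -name '*.php.old' -o -name '*.php.swp' \)
}

# Return 0 when the docroot is clean, 1 otherwise; findings go to stdout.
audit_docroot() {
    findings=$( { secrets_in_docroot "$1"; stray_copies "$1"; } | sort -u )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample tree mirroring the layout in the question (not real files).
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/resources/includes" "$root/public_html"
    printf '<?php $db_pass = "constructed-value";\n' > "$root/resources/app_config.php"
    printf '<?php require_once "../resources/app_config.php"; ?>\n<body></body>\n' \
        > "$root/public_html/home.php"
    printf '%s\n' "$root"
}

root=$(make_sample_tree)
audit_docroot "$root/public_html" && echo "docroot clean"
# An editor backup appears inside the docroot: the audit now fails.
cp "$root/public_html/home.php" "$root/public_html/home.php.bak"
audit_docroot "$root/public_html" || echo "fix the findings above before deploying"
rm -rf "$root"
```

With the layout from the question, a PHP handler failure would expose only the require lines and markup of the public pages; the audit catches the cases where that stops being true.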