0

GoDaddy does not a give FTP root access to my account, meaning I can only access the public_html folder and not the includes folder.

Is there any way I can include the config files in that public folder but somehow make it so only the server can access them in a secure way? How does Wordpress do it?

Anthony
  • 36,459
  • 25
  • 97
  • 163
Nicekiwi
  • 4,567
  • 11
  • 49
  • 88
  • related: http://stackoverflow.com/questions/97984/how-to-secure-database-passwords-in-php – F21 Mar 25 '12 at 04:50
  • If you read the top answers for that question, you will find that they provide solutions for securing your config files when you need to store them in your public web folder. – F21 Mar 28 '12 at 11:07

3 Answers3

3

You could use a .htaccess file to restrict Website Access. Take a look of this article.

xdazz
  • 158,678
  • 38
  • 247
  • 274
1

just make sure they have a .php extension.
(and actually contain PHP code of course)

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
  • I think they mean the php.ini that GoDaddy lets you have in the root of your account (to force php settings). – John V. Mar 25 '12 at 04:52
0

Wordpress keeps the config file in the main folder. Just make sure you have a .php extension and you dont echo anything from that. (I know you wont.)

People really cant get the details inside your php file unless you echo something, or the chmod of the file is set wrong so that people may be able to actually download the file.

As xdazz said, you can also restrict access to your config files, but I think its just for MORE protection, and you are still safe without that.

Kishor
  • 1,513
  • 2
  • 15
  • 25