HostOnNet Blog

Securing your site configurations file

Looking for Linux Server Admin or WordPress Expert? We can help.

It is always better to move your web site configuration file outside of document root.

This is because if server have an error, this can happen during server upgrades, your configuration files may become view able as plain text or get downloaded instead of executing on servers, that means, your database information, API keys etc.. can become public. I had this happened few times during PHP upgrade, that caused PHP files just get downloaded instead of executing on server side. If you find problem in time, you can stop Apache to avoid this. This is why newer framework only put what is required in DocumentRoot folder.

On WHMCS installation, i moved configuration files out side of DocumentRoot and included the file

cd /home/
mv configuration.php ..

Now create file configuration.php

vi configuration.php

With following content


require '/home/';

Posted in Security

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.