HostOnNet Blog

Securing your site configurations file

It is always better to move your web site configuration file outside of document root.

This is because if server have an error, this can happen during server upgrades, your configuration files may become view able as plain text or get downloaded instead of executing on servers, that means, your database information, API keys etc.. can become public. I had this happened few times during PHP upgrade, that caused PHP files just get downloaded instead of executing on server side. If you find problem in time, you can stop Apache to avoid this. This is why newer framework only put what is required in DocumentRoot folder.

On WHMCS installation, i moved configuration files out side of DocumentRoot and included the file

cd /home/
mv configuration.php ..

Now create file configuration.php

vi configuration.php

With following content


require '/home/';

Posted in Security