Jump to content

Installation paths and moving folders


Rob
 Share

Recommended Posts

I was going to move my folders around so that the only bits that have public access are the minimum assets (images, css, js etc) and the index.php - am I right in thinking I can move it all around as long as I set the various location variables in index.php correctly?

I'm still only developing locally at the minute, but I want to be sure I can do this when it goes live, it's not a good idea to have the entire installation underneath the public web root.

Link to comment
Share on other sites

That's correct that you should be able to change these things in /index.php (though I've not tried it out). However, I don't think you'll find any extra security in doing that. So long as you keep your htaccess file up to date with your PW version, ProcessWire's .htaccess is already blocking access to everything relevant in it's structure. Though there wouldn't be anything useful to a hacker even without the htaccess. Modifying index.php will also make upgrades a little more difficult, since it's considered a core file (one that is overwritten during upgrades). Unless you can think of something I've missed in this regard, and assuming your using a solid web host, I don't think it's worth the time/trouble to relocate directories.

Years ago, it used to be (and may still be) considered good security to move the file with your DB password outside of the web root, and perhaps include it separately into the CMS's config. That was just on the off chance that PHP stopped working and Apache kept going, and started serving PHP files as TXT files. I have never seen this happen in the decade I've been using PHP, and don't think it's even possible with today's software.

There was also the concern that some other user on a shared hosting platform could code up a script (running as apache) to file_get_contents() your config.php and see what your DB password is. I think there is merit to that concern on some web hosts, but most hosts are now sufficiently jailed to prevent such access from other users on the same server.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...