Of course, there are multiple ways to secure software after their setup,
provided you know a minimum about computer security.

But I think many people just do the default setup the easy way via the
setup wizard.

That's why I believe the developers should take great care securing
their software by default.

> Well the ideal situation for incuding files is when your root is not
> yout webroot.
> But if you dont have this you can make a workaround by placing every php
> file that is not directy called (but included) into a folder and place
> in it an .htaccess file with a deny from all command so it would not be
> accesible from anyone through a browser.
>
>

[ reply ]