Short summary:
- Use mod_security
- Put all of your code except index.php outside of your web root
- Change the default file type in the Apache (or whatever you use) configuration
- Use 'Deny all' to prevent access to folders outside the web root
An archive of things worth mentioning
No comments:
Post a Comment