View Full Version : should the admin directory be inside the public_html with password or outside

05-15-2008, 06:31 AM

I my website i have placed the admin directory inside the public_html.
You can say almost my every other directory is inside the public_html.

Is that safe or public_html should only contains scripts which the users have access to .

Is there any guide on how should be the directory structure of a website

05-15-2008, 06:35 AM
If you can put the password outside. Ideally you can put the username and password in a database then just check the posted stuff with the database stuff. Be sure to use mysql_real_escape_string on the posted stuff as to prevent mysql injection. Btw how will you get to the admin directory yourself if its outside of the public_html directory?

As to a guide, no there really isn't one but to keep files together its better to create directories for them. For example I have an index page and a directory called inc. In inc I put all of my includes. Then I have a folder called js. I put all my .js files in there. Same goes for CSS. Same goes for images. I have an admin directory that contains only files that would be used by the admin pages. If you are using includes be sure to prevent them from being accessed directly.

05-15-2008, 06:47 AM
Currenly my files in the include folder are listing on the website when i use


How can i prevent it

05-15-2008, 07:09 AM
Found it


IndexIgnore * or Options -Indexes
in the .htaccess file in that directory