The best way is to not store them in a place accessible to the public. I put all of my config files ect. outside the web root.

Yes probably the best way but files such as images and CSS documents JS dosument MUST MUST MUST be availbale to the public there is no way around this!

If you do however have to put them in a folder in the web root then the htaccess command "deny from all" will disallow everyone (including yourself) from viewing that folder via http, it will still be accesable via FTP.

But as I said do not put any files you link in your HTML in there PHP documents are fine because they are server side whereas your browser in my cas firefox will take those files like CSS JS and images and add it to the page.

Yes probably the best way but files such as images and CSS documents JS dosument MUST MUST MUST be availbale to the public there is no way around this!

If you do however have to put them in a folder in the web root then the htaccess command "deny from all" will disallow everyone (including yourself) from viewing that folder via http, it will still be accesable via FTP.

But as I said do not put any files you link in your HTML in there PHP documents are fine because they are server side whereas your browser in my cas firefox will take those files like CSS JS and images and add it to the page.

I use php files to serve image/css/js files. So they don't have to be accessible to the public. I keep member audio/video files for example in a directory outside the web root so they can't be hotlinked.

This article has been dead for over six months. Start a new discussion instead.