I am still developing my website and just wanted to ask whether I am on the right track to ensuring my website coding, database connection, etc is safe.
My public directory obviously has the main pages in which the members will visit.
For example .... log_in.php is located in the public directory.
What ive done is included a hidden directory located outside the public folder so the documents here cannot be viewed directly.
For the log_in.php file I have set up the access code, located it in the include directory file and then used
<?php include "log_in.inc.php"; ?>
All of the php processing code is located in this file.
Is this making the website any more secure from hacking attempts or from errors accidently showing my code or am I just creating extra work for myself with no real benefit?
I have over 100 pages to separate the code and set up the include so would appreciate being told if its not worth the hours of work. lol
Also would like to know if I am supposed to put the actual php.ini file into the public directory as this would surely be a security flaw would it not????