How should I ensure PHP template-part files (eg. home.php) and configuration files (eg. config.php) are not accessible to public website users?
Template-part files are included in master pages, eg. index.php. Config files are used to hold environment variables.
Actually, I am working only on my local Mac at present. My PHP site is being developed in VS Code, running the VS extension PHP Server, which fires up a server on port 3000 in the project folder.
I have read this Tuts+ guide advocating...
public_html
- css
- img
-- content
-- layout
- js
resources
-- config.php
-- library
-- templates
... but I doubt that placement in the resources folder alone is sufficient to deny access. PHP Server does not spin up a public_html folder.
Is it a question of applying the correct file permission?
