The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Home Forums Other WordPress Security Re: WordPress Security


I know that WordPress rewriting works the same way. But I’m just unable to understand why people want files that visitors do not need access to lying around in a public folder. (This was the TLDR-version of my way too long OP). No visitors need access to the wp-config.php file – then why is it accessible at all? It is really simple to store php files outside the public folders and that is one of the most basic and most efficient things you can do, when you are trying to make a website more secure. You can solve the issue in other ways (like defining a constant in your index.php and only execute the other files if that constant is defined – “disabling direct access by code”) but why would you? It is another place where hard-to-catch-security flaws can pop up…

The answer to your question is simple; No. It will not interfere as the php file references is not requested via URLs on the internet, but requested as files on the server running the php script…

CI, PHPCake and such are not worth the time in my opinion. PHP is essentially a framework, making CI a framework build on a framework. Maybe someone will be able to make code faster in such frameworks, but it comes with a cost – decreased performance and just loads of unnecessary bs.

I recommend this article written by the creator of PHP – a good example of how you can make clean simplistic and efficient code, fast, with PHP as-is.