A fresh mix of code snippets and tutorials

(More) secure PHP includes

Quick tip for securing your PHP includes, place them above your web-accessible root directory.

So for example, if you normally keep your includes in a web-accessible directory, such as:


Instead, move the files further up the directory structure so they’re not accessible from the Web, like so:


Then include them in your theme files via their full path:

<?php include_once('/var/includes/some-file.php'); ?>

Bada-bing, files included in this way are inaccessible from the World Wide Web.

★ Pro Tip: