Secure Directories?

[joseftu]

On my blog ( http://www.mountebank.org/blog ), I'm using a wordpress plugin called "authimage." It puts a little picture of a word (a "captcha") for commenters to type in before they're allowed to comment. The idea is that it prevents comment spam.

 

Authimage calls a php function "veriword." That's fine, it all works, but the manual gives this instruction:

 

"Put these in secure directories (not accessible by web users): • config file (veriword.ini) • font files • background files • dictionary file"

 

I don't know how to do that! Right now, those files are accessible to web users. How do I make them inaccessible?

[owatagal]

Assuming the files aren't CGIs, you can put them in the directory above all your /public_html/ files--create a new folder called /private/ or whatever you like and put the files in there. In file manager, you just create the new folder in the first screen that opens up. If you're FTPing in, make sure your FTP program isn't set to go directly to /public_html/, and then add the new folder at the same level as (not in) /public_html/.

 

The path to these files (I'd assume you have to fill that in somewhere?) is

 

/home/cpanelusername/folderyoucreated/

 

If they're CGI, I think you have to do .htaccess magic to protect them. At least, schussat was suggesting CGI scripts won't run above the /public_html/ folder response to a question I asked.

[TCH-Bruce]

You could put them in the wp-admin folder or wp-content folder

[joseftu]

You could put them in the wp-admin folder or wp-content folder

<{POST_SNAPBACK}>

Thanks, Bruce and owatagal.

I'll give one or the other of those techniques a try (and be careful to change the path in the right places!

[stevevan]

Although nothing is truly "secure" (unless it's unplugged), generally anywhere above the public_html directory is a safe bet.