It is highly undesirable for third parties to see the source files (for example, during a DDoS, if the PHP interpreter crashes, the files can simply be read or downloaded), so I came up with the following: most of the PHP files that are opened in the browser contain basically just a require of a common HTML header and a require of a file that holds the content that should have been in this file.
But all those files (with the real content), unlike the external ones opened by the browser, are inside a folder to which .htaccess has closed access for users. That is, everything is fine, and if the interpreter does not work, for example, the content itself will still not be visible in the externally accessible file. Is it worth it?
Answer 1, authority 100%
If you are asking this question, then you need to dig towards the Model View Controller (MVC) and the functionality of the mod_rewrite web server. This will give a real security boost by providing a single “entry point” to the web resource, completely eliminating the possibility of accessing other files. And MVC (model-view-controller separation paradigm), in turn, allows you to correctly separate the functionality of scripts according to their purpose.
Accordingly, as mentioned by @alexWindHope, there are a bunch of PHP frameworks, and most use MVC:
For example, this review
Answer 2, authority 100%
A similar variant is often used:
In files that should be accessed directly, write:
And those that SHOULD NOT:
if (!defined('MY_ENGINE')) die("Hacking attempt!");
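
The two answers combined, as an added example that is not part of either answer: one entry point defines the MY_ENGINE constant from Answer 2 and maps a fixed set of route names to files in a private directory, so request input never becomes part of an include path. The directory layout, route names, the dispatch() function and the 403 variant of the guard are assumptions made for the demo, which runs from the PHP command line.

```php
<?php
// Added example: single entry point (front controller) plus include guard.
// MY_ENGINE comes from the answer above; all other names are hypothetical.
declare(strict_types=1);

define('MY_ENGINE', true);   // defined only by the entry point

// Constructed demo layout: a private directory holding the real content.
// On a real site this directory sits outside the document root (or is denied
// by the web server) and the files already exist on disk.
$private = sys_get_temp_dir() . '/my_engine_demo_' . getmypid();
@mkdir($private);
// Guard placed at the top of every private file (variant of the answer's die()).
$guard = "<?php if (!defined('MY_ENGINE')) { http_response_code(403); exit; } ?>\n";
file_put_contents("$private/home.php", $guard . "<h1>Home</h1>\n");
file_put_contents("$private/about.php", $guard . "<h1>About</h1>\n");

// Allowlist: route name => file. User input never becomes part of a path.
const ROUTES = ['home' => 'home.php', 'about' => 'about.php'];

// Returns [status, body] for a requested route name.
function dispatch(string $route, string $privateDir): array
{
    if (!array_key_exists($route, ROUTES)) {
        return [404, "Not found\n"];      // unknown names never reach require
    }
    ob_start();
    require $privateDir . '/' . ROUTES[$route];
    return [200, ob_get_clean()];
}

// Constructed requests, including a traversal string and a raw file name,
// both of which the allowlist rejects.
foreach (['home', 'about', '../../etc/passwd', 'home.php'] as $requested) {
    [$status, $body] = dispatch($requested, $private);
    printf("%-20s -> %d %s", $requested, $status, $body);
}

// Remove the constructed demo files.
array_map('unlink', glob("$private/*.php"));
rmdir($private);
```

The guard only helps while the interpreter is running; if PHP stops executing, a file under the document root is served as text, which is why the private directory is kept outside it or denied by the server.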