File System security (PHP)

Basically i want to discuss about file-system security,and yes i tried to search for a solution but no satisfied result.

Let me explain in details.

I have GoDaddy hosting. There are two sites installed. One on root and one is in a sub-folder. Lets say site1 and site2. Both are built with wordpress. I need to do some changes in site2 and i do work in team so i created a FTP account for site2 and shared with team and asked them to use it so they can’t do have any change in site1. but one of developer have download wp-config file of site1 and delete the database. i was wondering how can my database automatically delete(as i wasn’t aware of that). After days of research i find out how he deleted the database.

He created a php file on site2’s root and copy the site1’s wp-config
file into site2 using dirname(getcwd()) and then using that file
,he deleted the database cause wp-config file always have database

Now i am wondering how can i give access of my site2 to the developers securely so they can’t access site1.

Directory structure.

  • wp-config.php
  • wp-content
  • wp-admin

  • site2

    • wp-config.php
    • wp-content
    • wp-admin
    • so on ….
  • another file and so on….

Read more here: File System security (PHP)

Leave a Reply

Your email address will not be published. Required fields are marked *