Basically i want to discuss about file-system security,and yes i tried to search for a solution but no satisfied result.
Let me explain in details.
I have GoDaddy hosting. There are two sites installed. One on root and one is in a sub-folder. Lets say site1 and site2. Both are built with wordpress. I need to do some changes in site2 and i do work in team so i created a FTP account for site2 and shared with team and asked them to use it so they can’t do have any change in site1. but one of developer have download wp-config file of site1 and delete the database. i was wondering how can my database automatically delete(as i wasn’t aware of that). After days of research i find out how he deleted the database.
He created a php file on site2’s root and copy the site1’s wp-config
file into site2 using dirname(getcwd()) and then using that file
,he deleted the database cause wp-config file always have database
Now i am wondering how can i give access of my site2 to the developers securely so they can’t access site1.
- so on ….
- another file and so on….
Read more here: File System security (PHP)