How to make files and folders more secure?

Question

How to make files and folders more secure. So no hacker can access not even folder structure should be expose and PHP Security Scanners should give much efficient report ?

I just scan my website which is in CodeIgniter. I've got terrible report. Folder structure and their contents are totally exposed even sessions Ids too.

What should I do to prevent this ? can .htaccess to every folder prevent this ?

I used "Acunetix WVS Reporter".

Answer 1

只是不要将不应公共访问的任何内容放入公共可访问文件夹（ httpdocs/ ， public/或任何文档根目录）

Answer 2

For my site, when i want to include javascript, CSS or images (anything external, really),

i have a PHP file which gets the file contents, like so:

<?php
 $explode = explode(".", $_GET[f]);
 $md5 = md5($explode[0]);
 echo file_get_contents("secretfolder/$md5.$explode[1]");
?>

And in usage in HTML

<img src='include.php?f=heart.jpg'>
<style type='text/css' rel='stylesheet' href='include.php?f=styles.css'>

Then put an index.php in that folder, which redirects to your homepage or displays a phony 404 error.

You should debug and expand the PHP, to remove potential code injection or XSS exploits. I suggest Seeing File GET contents

For more information

Answer 3

这对于CodeIgniter应该是这样的http://codeigniter.com/wiki/Better_Server_Setup_for_CI