To further strengthen the security of your application, the best practice is to store files containing sensitive information (i.e. database usernames and passwords in wp-config.php for WordPress) outside the public webroot directory (public_html in Cloudways deployments).
For this reason, we provide a private_html folder one level up of public_html in which you can safely deploy your application configuration files or other sensitive information.
This private_html folder is included in the usual backup, restore, clone processes so any information there will be properly protected and handled.
Securing Application Configuration Files in private_html Folder
Step 1a: Move/Create Configuration Files Using SFTP
You can access the private_html folder with your SFTP client. Just browse a level above public_html and you will find it.
You can then upload any file to the folder.
Step 1b: Move/Create Configuration Files using SSH
Similarly, we can access the private_html folder via an SSH session.
We can then create/move configuration files.
Step 2: Define New Configuration File Path
As explained, this process will vary between applications. For WordPress wp-config.php (most typical use case), here you can find how to do it.
For other applications, please check with your developer.
That’s it! We hope this article was helpful. If you need any help, then feel free to search your query on Cloudways Support Center or contact us via chat (Need a Hand > Send us a Message). Alternatively, you can also create a support ticket.