To further strengthen the security of your application, the best practice is to store files containing sensitive information (i.e. database usernames and passwords in wp-config.php for WordPress) outside the public webroot directory (public_html in Cloudways deployments).
For this reason, we provide a private_html folder one level up of public_html in which you can safely deploy your application configuration files or other sensitive information.
This private_html folder is included in the usual backup, restore, clone processes so any information there will be properly protected and handled.
Securing Application Configuration Files in private_html Folder
Step 1a: Move/Create Configuration Files Using SFTP
You can access the private_html folder with your SFTP client. Just browse a level above public_html and you will find it.
You can then upload any file to the folder.
Step 1b: Move/Create Configuration Files using SSH
Similarly, we can access the private_html folder via an SSH session.
We can then create/move configuration files.
Step 2: Define New Configuration File Path
As explained, this process will vary between applications. For WordPress wp-config.php (most typical use case), here you can find how to do it.
For other applications, please check with your developer.