Introducing Cloudways Community Forum. Start Discussions and Get Instant Help From Cloudways Community. JOIN NOW

Securing Application Configuration Files in private_html FolderJuly 14, 2015


In this KB

  • Best practices for storing sensitive files
  • How to move files to¬†private_html folder


To further strengthen the security of your application, best practice is to store files containing sensitive information (i.e. database usernames and passwords in wp-config.php for WordPress) outside the public webroot directory (public_html in Cloudways deployments).

For this reason, we provide a private_html folder one level up of public_html in which you can safely deploy your application configuration files or other sensitive information.

This private_html folder is included in the usual backup, restore, clone processes so any information there will be properly protected and handled.

Step 1a: Move/Create Configuration Files Using SFTP

  • You can access the private_html folder with your SFTP client. Just browse a level above public_html and you will find it.
  • You can them upload any file to the folder.
create configuration SFTP

Step 1b: Move/Create Configuration Files using SSH

  • Similarly, we can access the private_html folder via an SSH session.
  • We can then create/move configuration files.
create configuration SSH

Step 2: Define New Configuration File Path

As explained, this process will vary between applications. For WordPress wp-config.php (most typical use case), here you can find how to do it.

For other applications, please check with your developer.

Have Questions? Ask From Our Helpful Community

Comments are closed.

Still need help? Our support team is waiting to help you. Ask them now