Hello
I dont have zend encoder so can I put my config.php to other place that hacker can not read the file . For ex
the config.php in includes folder will like this:

<?php
include (../../config.conf)
?>
the config.conf will put on to folder that only root can read it.

Sorry I am not a coder but that's my idea ? is it able ??

thanks
T

You can move the file out of the webroot, but the webserver process must have read permission. As it will need read permission a hacker who can read the ./includes/config.php will immediatly see the real path and can also read that.

Best solution: Make sure hackers can not get file access.