Protect you zp-config.php via .htaccess

nilswindisch

just place a .htaccess file in zp-core with

`

``



Order deny,allow

deny from all



`

adapted from the wordpress security guide (blog).

sbillard

Will this still allow setup.php to read this and possibly write to it?

nilswindisch

reading is no problem (otherwise the zenphoto installation would be unaccessible immediately) and writing should work as well. "deny" protects against wget and alike but server files (like setup.php) will still have full access.