Say I have an /images folder in my website, which I don't want to be browsed by visitors. I usually prevent it by creating an empty ./images/index.php file. Is it 100% safe?
I mean, if the user knows the filename, they can type website.com/images/image.jpg, that's OK, but they cannot see the contents of the folder, right?
Method One
Put the .htaccess file in the desired folder. Edit this file and put
deny from all
This way it will solve all your problem of direct access and will not have to put additional index file in the folder.
Method two
If you want to go with putting index file or do not want any file to be accessed directly, then put
<?php
if(!defined('Variable')) {
die('No direct access');
}
?>
In the file you dont want to be accessed and put
<?php
define('Variable', TRUE);
?>
in the index.php.