Is a 3rd party able to access files located about the DocumentRoot?
Document Root is /var/www/website/public
Database credentials are stored at /var/www/website in a php file
What security measures do I need to take to prevent 3rd party access? Obviously someone could access by hacking into the server or compromising a user account. Assuming those don't happen, is this secure?
Unless users can run PHP or another server-side code on the server, yes, it's secure.