I need some help.
I was reading the security recommendations of my hosting service and they say that ideally just put the index file and files like css, js and img inside my root folder, and that all other files should be placed off, that is, a level above.
I tried doing this in my tests, and I had some problems. The structure of the hosting folders is:
/
/htdocs
Inside /htdocs I put the index.php file and when accessing it through the url exemple.com/index.php works normally.
But putting other test files out of htdocs is what starts the problem. For example, if I have a file called contact.php and I try to access it through the url exemple.com/contact.php I get the 404 error message.
So the question I have to ask is:
Is it possible to access url files that are outside of htdocs, or better to put all the files that will be accessed by the url inside of htdocs and leave only configuration files outside this folder, like class, functions, database connection, etc?
And if it is possible to access the files by url, how would I rewrite these urls in htaccess?
and that all other files should be placed off
Yes, this is good practice. However, you're misunderstanding the implementation.
You can not directly access files outside the document root. But you can indirectly access them. I.e., the web server can't see them, but your programming code can.
Ideally, your site would use the front controller pattern. Here, your index.php file would serve every page of your app by intercepting every request and then routing it to the correct end point. I.e., you would never directly request /contact.php, you'd instead request /contact, which would get funneled to /index.php, which would load the required resources from outside the doc root.