I am not much of a hacker, but I have been thinking of ways people can download or get access to my PHP source code. Since PHP is parsed server side, I don't see how someone can download the actual files without somehow hacking my FTP account and downloading the source code.
I know a lot of people change
.php extension to
.whatever to attempt to hide their PHP code, but is that necessary? I can't think of any way for a hacker to get my PHP code by using a browser alone.
I am not asking this to learn how to do it myself, I am more wanting to take any extra and/or necessary steps to secure my PHP source code. Does anyone have any insights?