UKJester's "What Is The Root Directory" Rant

Sometimes you are given instructions to place a file above the root folder, for security reasons.
Where exactly is this?

The quick answer is 'somewhere on your server that visitors can't browse to'.

Your webserver is structured a bit like the hard drive on your PC, in a formation like branches on a tree.


With a FTP program or your web hosts file manager, you can normally trace all the folders back to their origin (their root).
In our example, we can see that all the folders originate in the folder named '/'. This is the server root folder.

When we visit the website via the internet (instead of FTP) we do not get access to the server root. From the net, we can only access the 'public_html' folder. This is the document root folder and is the 'root' your instructions were referring to.

We can create a new folder at the server root and this would be 'above' the document root (just like the 'etc' and 'temp' folders in our example). This folder can be accessed by our scripts but can't be accessed by our visitors so is a safe place to store sensitive files, like database connection config files.