What files can be accessed via the web

[bbcjraj]

Hi,
If I look at file manager, I see all kinds of files - email, tmp, etc. as well as the public html files.

My question then, is "What can other people/bots see when they access my site?" Can anyone get past the public html files - do I have to worry about security for them, or if the only thing accessible/hackable the stuff in my public html folder?

Now, I do know that if my password is not secure or I access ftp on a machine with a virus, they could harvest my login info and get in to the back side, but is that the only way to the backend, or could a script do that also?

Thanks
Becky

[alemcherry]

Only files inside the public_html can be accessed via web, others are not accessible.

In addition to what you mentioned, an insecure script can also put you into trouble. If you are running open source scripts like WP, it is important to apply all security patches and upgrades. For custom scripts, make sure that all input data is sanitized. Using difficult to guess passwords, encrypting passwords that goes into database etc are also important.

These should give you reasonaby good security, but there is nothing like absolute security. Shared hosting is not for critical applications.