Secure directory structure

Hey there,
just a quick question, and I guess you can help me out easily:

What parts of a Kirby installation need to be in the “public” (root) directory of the webserver? Kirby docs mention that you should put some stuff below root, and also Composer’s vendor shouldn’t be publicly available, so what’s the most hardened setup for Kirby v3?

Thank you all for making the new version such a great tool!

Check out the website repo itself. The /www folder is the web root that contains the public facing files, basically only the assets, the index.php (and the media folder, that doesn’t exist in the repo). The public folder setup is defined in the index.php

1 Like

Thanks, that’s helpful!

As always :kissing_heart:

1 Like

What’s the differenc between the setup for in the /www folder and the explananation of a public folder setup in Kirby’s Guide?

This is the index.php from the website:


include '../kirby/bootstrap.php';

$kirby = new Kirby([
    'roots' => [
        'index'   => __DIR__,
        'content' => __DIR__ . '/../content',
        'site'    => __DIR__ . '/../site',

echo $kirby->render();

If you compare that to the version in the guide, you will notice that the guide example has an additional storage folder, where the /accounts, /session and cache folders are located.

Both are just examples, nothing you have to follow.

Thanks for the lightning fast reply. I’m still new to this and want the setup to be as secure, as possible. So I can just use any of both examples…

Note that such a setup only makes sense if you are not on shared hosting, because on shared hosting, you cannot usually put anything above the document root.

1 Like

you can find a more advanced public folder setup here. this one puts all data that might change in the storage folder (good for automized zero-downtime deployments). since that requires a symlink for kirbys media folder i would not recommend it for beginners but it provides another example how versatile kirbys roots can be configured.

Thank you, I will check that out, when I am ready to deploy my site. This is such a cool community! :smiling_face_with_three_hearts: