How to Protect mybb /inc directory

Let's face it - the ./inc/ directory shouldn't be accessible to the public. It's merely a collection of classes and functions. It also houses sensitive information such as database configurations and settings.

Protecting the directory from public access is simple and requires little effort. We'll be addressing this issue in MyBB 2.0 by allowing files to sit below the webroot so they cannot be accessed. For now, this will have to suffice.

This little tip assumes you're using an Apache webserver. For NGINX/lighttpd/etc. you'll need to refer to your webserver's manual.

Firstly, create a file called htaccess.txt. This will be renamed later but due to files that are prefixed with a period being hidden by default this is the best method.

You want to edit this file with a text editor such as Notepad++ or even Notepad itself will do (Although not recommended) and put the following line at the top:

deny from all

Now simply save it and upload to the ./inc/ directory on your webhost. You will then need to rename it to .htaccess

You can test it's working by going to

If you receive a 403 error then everything is working as planned and is inaccessible to the real world.

Now all of your configurations and settings are protected just in case something is mis-configured server side.

OP-Nathan Malcolm

Full security guide -

Possibly Related Threads…
Thread / Author Replies Views Last Post