DAVID MALAN: Let's improve the course's homepage a little bit further, this time for security reasons. Thus far, all of our files, whether meant to be visited by a user directly in a browser via specific URL or whether meant to be included, as with PHP's function require, everything has ultimately been inside of the same public directory. Of course if the user doesn't need to ever see header.php directly or footer.php directly, let alone helpers.php directly, we might as well put all such files inside of their own subdirectory that is not publicly accessible. 

To do this, allow me to propose the following. Inside of our vhost directory's local host directory, let's now have the following folders-- includes, which will contain files like helpers.php; public, which will contain what we'll start calling our controllers, like index.php, lecturers.php, week0.php, and week1.php; and then in templates will be header.php and footer.php. So the only thing I've really done here is to move outside of my public directory my includes directory and my templates directory so that if we now look at a hierarchical listing, we should see now this. 

Indeed, first we have an includes directory, inside of which is helpers.php. Then we have a public directory, inside of which is index.php, lectures.php, week0.php, and week1.php. And finally-- a directory called templates, inside of which is footer.php and header.php. Now even a user knows that helpers.php exists or header.php exists or footer.php exists or some other file that might very well contain something private, like a username or password, he or she cannot get at that file, because it's no longer web accessible because those files are no longer in my public directory.