I am intending to password protect a section of my website using .htaccess/.htpasswd files. I have done this previously with a different ISP placing the .htpasswd file below the root directory. The advice I was given at the time was "For security, you should not upload the htpasswd file to a directory that is web accessible (yoursite.com/.htpasswd), it should be placed above your www root directory." I was able to do this, though I cannot recall quite how.
It seems logical for security to keep the password file out of harms way but I have not found any comment on this issue in the forum. Are my concerns misplaced?
How would I go about placing a file below my root directory?