Posted by billp44ruby on February 3, 2016 at 10:45pm
I'm curious as to what the best practice recommendations are for maintaining files like install.php, update.php on a multisite server. I'm adding new sites to the installation frequently, but I understand leaving them out there presents somewhat of a security risk that I'd rather not have.
What do others do with these files between site installations?
Comments
Keep install.php and
Keep install.php and update.php in the drupal root. Then limit access to those files as desired via nginx/apache config. You can lock it down to a specified IP address, or block access altogether and only remove it when needed. If you're using drush, you generally would not need to access those files via the browser.