You don’t need to protect anything. All php files should be 0644 permissions, the directories should be 0755. Any file with a php file extension will be processed by PHP on the web server, so for something like the bb-config.php that does not return any content, the browser will not display any contents. A lot of php files with private information in them are like that, with no content returned.
Load this page:
There’s nothing displayed in the browser since the web server returns the processed output of the php file, not the source of the file.
thanks for your fast reply.
Last question: What if someone downloads the files with a different program. Could this person find my database access data including the password in the php which contains this information?
No – it has nothing to do with the program they use, it’s how that file is served by the web server. If the web server is configured correctly (to process PHP files and not display them) then there’s nothing to worry about. If your forum is usable, your web server is configured correctly.