Yes, I am able to write to the sibling folder but the reason I would rather not is because I have two other domains and an app in a folder on that shared host so I would prefer to keep all of a domain’s files under its domain folder.
Do you have an opinion about the yii2-app-practical extension recommended by rooney10? I’ve been burned by extensions before but if this is a safe and secure solution I’ll give it a try.
You need to control this through your web server security (e.g. you can use .htaccess for apache). Typically you can set this at your app root level which will work hierarchially.
IMO… this should be done irrespective of the template (including basic or advanced) you are using.
For example you can create a .htaccess file in your console folder containing:
deny from all
, which will restrict access to the console. You can also set a master .htaccess at app root for all folders below.
I will edit the yii2-app-practical template to include maybe a sample .htaccess with some common security rules inbuilt. This will benefit people using Apache.