Yii2 - how to secure folder "vendor" and "app" in public directory?

Hellou, i have stupid Apache hosting with access only in webserver webroot directory - i can not upload a "vendor" and "app" folder to a non-public directory.

How can I best secure "vendor" and "app" folder in public directory?

It is enough .htaccess with "Deny from all" or … ?

(sorry for my bad English)

Here, take a look at this, made especially for people in a situation like the one you’re in: https://github.com/kartik-v/yii2-app-practical-b

Thanks, but there is "vendor" folder completely public.

And on page "http://www.yiiframework.com/download/" is: Install from an Archive File - Download one of the following archive files, and then extract it to a Web-accessible folder.

So result - "vendor" folder can be public and ".htaccess" with "Deny from all" in "vendor" folder is unnecessary?

Is that really true?

That’s what you said: your stupid webhosting only allows you to upload vendor and app folder to public directories.

I suggest that you actually check out the application template that I linked to because it is made for situations like yours.

And, yes: it uses a htaccess.