In zencart tutorials I read this:


8. Use .htaccess files to protect against unwanted snooping

In several folders, there are .htaccess files to prevent users from being able to browse through the files on your site unless they know exact filenames. Some also prevent access to any .PHP scripts, since it's expected that all PHP files in those folders will be accessed by other PHP files, and not by a browser directly. This is good for security. If you delete these files, you run the risk of leaving yourself open to people snooping around.


There are also some blank index.html files in several folders. These files are there to protect you in case your FTP software won't upload .htaccess files, or your server won't accept them. These only prevent directory browsing, and do not stop execution of .PHP files. It's a good alternative, although using .htaccess files in all of these folders is the better choice, for servers that accept them.


Suggested content for .htaccess files in folders where there is an index.html file but not yet an .htaccess file would be something like the following (depends on your server configuration):

#.htaccess to prevent unauthorized directory browsing or access to .php files
IndexIgnore */*
<Files *.php>
Order Deny,Allow
Deny from all
</Files>

#add the following to protect against people discovering what version your spiders.txt file is
<Files *.txt>
Order Deny,Allow
Deny from all
</Files>

What does zencart mean by that?