Well, I'm setting up my (personal) website, and I was wondering if I'm doing it correctly.
My root (www) folder has two folders, public and admin. I used htaccess to redirect root to the /public folder, and this folder will have all the files for public view, so in a way it will behave like the root folder.
The admin folder (inside root) is protected with htaccess, and here I will have all the files to add news, articles etc., where I will administrate my site.
Also, this admin folder is only accessed if you manually type mywebsite.com/admin.
So I was wondering, is this structure a good practice, or should I change something?
It'll work, but in my opinion it's one more thing that "could break" - you're adding a level of complexity (although minimal) to your personal website. Any reason not to have "admin" right in your www folder with all the rest of the stuff and not rely on any type of redirection?
I'd be interested to hear what other people think, but normally the reason to keep stuff outside of your webroot is so that people cannot access it directly. An example:
In the structure above, you could put all your content into www, some password files into passwords and logs into the statlogs. If "www" is configured as your webroot, someone can't come along and go to www.example.org/passwords to get your password files. Nor could they directly access your statlogs.
However, given it had the right permissions, PHP, ColdFusion, or whatever application could read into these directories in your file system if they had permission to. If you're planning to allow /admin to basically just point to the admin folder, then you're adding no protection to it by moving it outside of the webroot --- since it's "virtually" in the webroot anyway.
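The point made in the reply above can be checked mechanically. The following is an added example, not code from the thread: it reports which sensitive directories are reachable by URL, either because they sit inside the webroot or because a symlink inside the webroot leads to them. The sibling layout of `www`, `passwords`, `statlogs` and `admin`, the symlink used to map `/admin`, and the function names are assumptions; mappings made by server configuration rather than symlinks are not detected.

```python
import os
import tempfile


def inside(path, root):
    """True if path is root itself or lies beneath it (both already resolved)."""
    return os.path.commonpath([path, root]) == root


def web_exposure(webroot, sensitive):
    """Map each sensitive directory to the URL path that reaches it, or None."""
    root = os.path.realpath(webroot)
    # Collect symlinked directories in the webroot: (URL path, real target).
    links = []
    for dirpath, dirnames, _files in os.walk(root):
        for name in dirnames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                url = "/" + os.path.relpath(full, root).replace(os.sep, "/")
                links.append((url, os.path.realpath(full)))
    report = {}
    for path in sensitive:
        real = os.path.realpath(path)
        if inside(real, root):
            # Physically inside the webroot: directly requestable.
            report[path] = "/" + os.path.relpath(real, root).replace(os.sep, "/")
            continue
        report[path] = None
        for url, target in links:
            if inside(real, target):
                # Outside on disk, but "virtually" in the webroot via a link.
                rel = os.path.relpath(real, target)
                report[path] = url if rel == "." else url + "/" + rel.replace(os.sep, "/")
                break
    return report


def demo():
    """Constructed layout: www is the webroot, the other directories are siblings."""
    base = tempfile.mkdtemp()
    for d in ("www", "passwords", "statlogs", "admin"):
        os.mkdir(os.path.join(base, d))
    # Assumed mapping: /admin is a symlink pointing at the outside admin folder.
    os.symlink(os.path.join(base, "admin"), os.path.join(base, "www", "admin"))
    names = ("passwords", "statlogs", "admin")
    result = web_exposure(os.path.join(base, "www"),
                          [os.path.join(base, n) for n in names])
    return {os.path.basename(k): v for k, v in result.items()}


if __name__ == "__main__":
    print(demo())
```

A `None` entry means the directory cannot be requested by URL; `admin` is reported as `/admin`, so its protection rests entirely on the access control applied to that path.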