CI for hacker...

[eluser]TheFuzzy0ne[/eluser]
All CodeIgniter files, excluding the license.txt and the index.php, can be put outside of your Web root (if you have access to it). You can also use an htaccess file to enhance security by disallowing access to certain files and directories. So long as you consistently sanitise and validate user input, the only real threat is someone finding out the username and password for your Web server/hosting account.

[eluser]vps4[/eluser]
[quote author="Dam1an" date="1244663371"]Why not just move the core/application out of the web root, so all you have is index.php (where you update the paths) and static stuff like images, css and js

And I definatly agree with giving the admin stuff a random string instead of the word 'admin'[/quote]

great! move out web root is the best way for hidden dirs.

[eluser]vps4[/eluser]
thanks all of you post!