Hi,
until recently I used public_html\default.php as my first page. suddenly 000webhost switched to index.php instead and when I went to my site it listed all the files under .\public_html
This is a big security issue since I don’t want to let people see my php code. I also have php with the database user name.
How can I prevent from people reading my php files under public_html ?

Thanks

I’m assuming you just migrated from the old panel? And you are now seeing the default welcome screen, where it lists your files?

You could just create an index.php file that redirects to the default.php. Make the index.php file with the code below.

<meta http-equiv="refresh" content="0; url=http://example.com/" />

Just replace the example.com with yoursite.com/default.php

yes I know and I did changed default.php to index.php what bother me is the security issue.
Is it security issue to put sensitive files under public_html i.e. php configuration file with database user name?

Well, that page is meant for users who just started their website, not people who are migrating. Most people used index files even before migration. The users cannot actually see any code.