We have a few forms on our site that utilize PHP for the form processing. An example is a form which takes the visitors information and writes the credit card information to a file within a password protected directory, and emails us (with CC info removed) to notify that an order was submitted. We then access the form information from a web browser at another address to get the form data.
The form utilizes a php file in the root directory of my domain. Is there a way to move/change this file so that it is not viewable to visitors but still can be used to securely process the form? This would just be an additional security precaution so that no one can hit that file directly through a web browser. Any ideas would be appreciated. Thanks!