I am new to WP development and recently had to write child themes and plugins to provide extended functionality for existing plugins.
For those tasks I installed composer dependencies in both, themes and plugins. I am not sure if this is best practice, but I needed access to certain libraries in a short amount of time.
Now I am not sure how to protect those folders from direct access best. We should protect the vendor files from direct access, right? Is it enough to have a
.htaccess in the vendor folder?
Order allow,deny Deny from all