Deny WWW access to file

[FatalException]

Is there a way to limit access to a specific file through my web server? I'm currently designing a blog-style website and in order to update it, the user must - of course - enter a password. The password is stored in a file elsewhere on the server, and is included into the program via a include(); function call in PHP. The problem is that when I go to the directory where the password file is via a web-browser, the content of the file shows up; in plain-text, with the password readily visible! I have full access to the server (root) so permission changing and such is not a problem. I've tried changing permissions on the file to 400, 440, and 444. Only the last one works; so obviously global read is needed for some reason. But, when it's 444, it can also be viewed via a web browser. Is there a way to change my htaccess files or something to prohibit www access to this file, but allow locally-running PHP scripts access to the file?

[sr71000]

apache??

why not just move the password file out of the directory you're serving? If you don't want the web to have access to it, put in somewhere on the server that isn't served to the web! php can access anywhere in your machine as it's a script running on your computer.

[drizzle]

Your password is nested between PHP tags and it's being printed to the screen? That shouldn't be happening. Add them to the file to fix that. Following sr71000's advice isn't a bad idea either.

PHP Code:

<?php

$mypassword = "ef0q349df";

?>