Is moving wp-config outside the web root really beneficial?

One of the most common security best practices these days seems to be moving wp-config.php one directory higher than the vhost’s document root. I’ve never really found a good explanation for that, but I’m assuming it’s to minimize the risk of a malicious or infected script within the webroot from reading the database password.

Custom pages with plugin

I’m developing some plugin where I would like to enable custom pages. In my case some custom page would contain a form like contact form (not literally). When user will fill out this form and send it, there should be the next step which will require more information. Lets say that the first page with form would be located at www.domain.tld/custom-page/ and after successful form submission, the user should be redirected to www.domain.tld/custom-page/second. Template with HTML elements and PHP code should be also custom.

Conditionally Loading JavaScript/CSS for Shortcodes

I released a plugin that creates a shortcode and requires a JavaScript file and a CSS file to load on any page that contains that shortcode. I could just make the script/style load on all pages, but that’s not the best practice. I only want to load the files on pages that call the shortcode. I’ve found two methods of doing this, but both have problems.