I'm trying to implement the security improvement of moving as many includes and behind-the-scenes support files as I can into a non-web-accessible directory as suggested at http://www.mediawiki.org/wiki/Manual:Security#Alternate_file_layout however success is fleeting. The problem is that the web page's view seems myopic, that all you need to do is change your include_path and all will work out. This is not the case in my experience: index.php calls files at specific locations, that means you need to hard code new locations in that file; the files that index.php call, like WebStart.php, do things like "$IP=getenv( 'MV_INSTALL_PATH' );" which fetches the original install path of the wiki (where everything else is stored which is exactly what I don't want in this situation) and tries to apply it to more includes files... and this goes on and on.
It looks to me that a simple setting of 'include_path' isn't going to be enough to direct all include/ file requests to a separate branch of the file system. Am I missing something or is the documentation in need of change? Or something else?