Or obscure it completely:
Or hide it as html code, which has a slight performance hit
because all html will be parsed through the PHP engine:
For this to work effectively, you must rename your PHP files with
the above extensions. While it is a form of security through
obscurity, it's a minor preventative measure with few drawbacks.