diff --git a/.htaccess b/.htaccess
index aa65e8f..132464b 100644
--- a/.htaccess
+++ b/.htaccess
@@ -10,11 +10,20 @@
 	Deny from all
 </Files>
 
+# This denies access to all yml files, since developers might include sensitive
+# information in them. See the docs for work-arounds to serve some yaml files
+<Files *.yml>
+	Order allow,deny
+	Deny from all
+</Files>
+
 ErrorDocument 404 /assets/error-404.html
 ErrorDocument 500 /assets/error-500.html
 
 <IfModule mod_alias.c>
 	RedirectMatch 403 /silverstripe-cache(/|$)
+	RedirectMatch 403 /vendor(/|$)
+	RedirectMatch 403 /composer\.(json|lock)
 </IfModule>
 
 <IfModule mod_rewrite.c>
@@ -23,6 +32,7 @@ ErrorDocument 500 /assets/error-500.html
 
 	RewriteCond %{REQUEST_URI} ^(.*)$
 	RewriteCond %{REQUEST_FILENAME} !-f
+	RewriteCond %{REQUEST_URI} !\.php$
 	RewriteRule .* framework/main.php?url=%1 [QSA]
 
 	RewriteCond %{REQUEST_URI} ^(.*)/framework/main.php$
diff --git a/mysite/_config.php b/mysite/_config.php
index 92f5022..c577542 100644
--- a/mysite/_config.php
+++ b/mysite/_config.php
@@ -1,18 +1,12 @@
-<?php
-
-global $project;
-$project = 'mysite';
-
-global $database;
-$database = '';
-
-require_once('conf/ConfigureFromEnv.php');
-
-MySQLDatabase::set_connection_charset('utf8');
-
-// Set the current theme. More themes can be downloaded from
-// http://www.silverstripe.org/themes/
-SSViewer::set_theme('simple');
-
-// Enable nested URLs for this site (e.g. page/sub-page/)
-if(class_exists('SiteTree')) SiteTree::enable_nested_urls();
\ No newline at end of file
+<?php
+
+global $project;
+$project = 'mysite';
+
+global $database;
+$database = '';
+
+require_once('conf/ConfigureFromEnv.php');
+
+// Set the site locale
+i18n::set_locale('en_US');
\ No newline at end of file
diff --git a/mysite/_config/config.yml b/mysite/_config/config.yml
new file mode 100644
index 0000000..c5e730b
--- /dev/null
+++ b/mysite/_config/config.yml
@@ -0,0 +1,9 @@
+---
+Name: mysite
+After: 'framework/*','cms/*'
+---
+# YAML configuration for SilverStripe
+# See http://doc.silverstripe.org/framework/en/topics/configuration
+# Caution: Indentation through two spaces, not tabs
+SSViewer:
+  theme: 'simple'
\ No newline at end of file
diff --git a/mysite/code/Page.php b/mysite/code/Page.php
index 6ed23a2..052b308 100755
--- a/mysite/code/Page.php
+++ b/mysite/code/Page.php
@@ -1,10 +1,10 @@
 <?php
 class Page extends SiteTree {
 
-	public static $db = array(
+	private static $db = array(
 	);
 
-	public static $has_one = array(
+	private static $has_one = array(
 	);
 
 }
@@ -25,7 +25,7 @@ class Page_Controller extends ContentController {
 	 *
 	 * @var array
 	 */
-	public static $allowed_actions = array (
+	private static $allowed_actions = array (
 	);
 
 	public function init() {
@@ -40,4 +40,4 @@ class Page_Controller extends ContentController {
 		Requirements::themedCSS('form'); 
 	}
 
-}
\ No newline at end of file
+}
diff --git a/phpunit.xml.dist b/phpunit.xml.dist
index 2bb3c87..1232b66 100644
--- a/phpunit.xml.dist
+++ b/phpunit.xml.dist
@@ -25,7 +25,7 @@
 	<listeners>
 		<listener class="SS_TestListener" file="framework/dev/TestListener.php" />
 	</listeners>
-
+	
 	<groups>
 		<exclude>
 			<group>sanitychecks</group>
diff --git a/web.config b/web.config
index a04afa1..56df27f 100644
--- a/web.config
+++ b/web.config
@@ -1,5 +1,18 @@
-<?xml version="1.0" encoding="utf-8"?>
 <configuration>
 	<system.webServer>
+		<security>
+			<requestFiltering>
+				<hiddenSegments>
+					<add segment="silverstripe-cache/" />
+					<add segment="vendor" />
+					<add segment="composer.json" />
+					<add segment="composer.lock" />
+				</hiddenSegments>
+				<fileExtensions allowUnlisted="true" >
+					<add fileExtension=".ss" allowed="false"/>
+					<add fileExtension=".yml" allowed="false"/>
+				</fileExtensions>
+			</requestFiltering>
+		</security>
 	</system.webServer>
 </configuration>
\ No newline at end of file