How about not putting the php code in the web-root at all...?
You can create a public directory with the css, html, etc and index.php there. Then use the include_path setting to point to the actual php code, eg...
webstuff
phpcode
public
images
css
index.php
then set the include path to "../phpcode" and, as php is executed from the directory of the script, all should be well.
I'd also call the main index "main.page", or something else, instead of "index.php" and change the web server default index page. That way you cant get hit by things trawlling the web for index pages.