What is the most accepted method for hiding password for 'connect.php' file?
I would strongly recommend moving connect.php in one directory above your DOCUMENT_ROOT so that it is not accessible from your web server.
Your php files can of course include connect.php with full or relative path eg:
require_once('../connect.php');
All the answers have good advice but fail to address the fact that any user with server access can just snoop around and open the config.php in an editor.
Set your config files in a directory outside of public webspace , the webserver should be the owner of this directory and it should have permissions set to 700. All files it contains should be 644. This way no one can even read the file contents apart from webserver user or root.
This is a common approach, but there is a lot more to the subject as security is a very vast topic, but is better than 90% of the setups out there.
Set $password, connect, then unset() $password. They should be never able to recover it.I don't think a PHP file can be downloaded anyway, neither seen. It is always compiled by the server before.