Laravel .env Exposed

Mohit Mehta
2 min read · Dec 16, 2020

When it comes to hosting a Laravel project on shared hosting, many developers run into difficulty. So they apply random solutions from different websites to get their project working without knowing the consequences. Let me give one example.

One of the easiest ways to host Laravel is to move all files from the public folder to the root and make some changes in index.php.

Once you go with the above solution, you are opening the door to hackers and attackers. Laravel’s base directory holds many important files, such as .env and .htaccess, and your web server is now pointing at that base directory, so all of these files can be accessed directly by URL. For example, the .env file can be accessed via www.example.com/.env, with this result:

.env exposed

In conclusion, never ever host Laravel like this. If you are on shared hosting and know little about server administration, ask your hosting provider to change the documentRoot to Laravel’s public folder.
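To check which layout a host is actually serving, the following added example (not code from the original post) lists the Laravel base-directory entries that sit directly inside a given document root. The list of names, the function names and the two sample directory trees are assumptions constructed for this illustration.

```python
import tempfile
from pathlib import Path

# Entries that belong to Laravel's base directory and must never sit inside
# the web server's document root (list chosen for this example).
SENSITIVE = [".env", "artisan", "composer.json", "composer.lock", "app",
             "bootstrap", "config", "database", "routes", "storage", "vendor"]


def exposed_entries(document_root):
    """Return Laravel base-directory entries found directly in document_root."""
    root = Path(document_root)
    found = [name for name in SENSITIVE if (root / name).exists()]
    # Copies such as .env.backup or .env.production hold the same secrets.
    found += sorted(p.name for p in root.glob(".env.*"))
    return found


def build_sample(base, flattened):
    """Build a constructed, minimal Laravel-like tree; return its document root."""
    base = Path(base)
    for name in ("app", "config", "vendor", "public"):
        (base / name).mkdir(parents=True)
    (base / ".env").write_text("DB_PASSWORD=constructed-sample\n")
    (base / ".env.backup").write_text("DB_PASSWORD=constructed-sample\n")
    (base / "artisan").write_text("#!/usr/bin/env php\n")
    # flattened=True mimics "move public/ into the root": the server then
    # serves the base directory itself instead of public/.
    docroot = base if flattened else base / "public"
    (docroot / "index.php").write_text("<?php // front controller\n")
    return docroot


def demo():
    """Audit both layouts and return (flattened_findings, standard_findings)."""
    with tempfile.TemporaryDirectory() as tmp:
        bad = build_sample(Path(tmp) / "flattened", flattened=True)
        good = build_sample(Path(tmp) / "standard", flattened=False)
        return exposed_entries(bad), exposed_entries(good)


if __name__ == "__main__":
    flattened, standard = demo()
    print("document root = base directory:", flattened)
    print("document root = public/       :", standard)
```

Run `exposed_entries()` against the path your hosting panel lists as the document root; any non-empty result means the server is pointing at Laravel's base directory rather than `public`.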


Responses (2)


I've literally just written a post about Laravel in a shared hosting environment. More from an SEO perspective: https://leemason.co.uk/laravel-on-shared-hosting/
The solution provided there doesn't have this risk. But I 10000% agree shared hosting of Laravel should be where possible.


Basically most of the shared hosting setups that use CPanel Control Panel and other panels simply allow to upload files/folders outside public_html (i.e. webroot), and this way, they can upload content of public into public_html and all files &…