Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi, I'm new to Laravel and I really enjoy it! I used to deploy my projects to an (externally) managed VPS with DirectAdmin on it. For my Laravel Projects I really like the idea of forge.
However, I can't seem to find in info on this: With the fresh start of deployment everything is secure and up-to-date, but what happens next as te time goes by? I've read that Forge will automatically install security updates (which is great!). But how does it handle future updates of installed components? And how safe is Forge compared to a managed VPS?
Forge handles most of the deployment side of things - getting the host up and running, security updates running, code changes and migrations can be run magically, but as far as software updates go, I believe you have to take care of that yourself. A managed VPS (depending on the agreement) will generally have the sysadmin side taken care of for you and all you need to do is push code.
Forge just installs stuff and acts as a manager for git repos and sites.
You can go in and manage it yourself (do/check for updates). Depends how you manage it.
OK, thanks for this insight! So I understand I still need someone to look at the security of the server configuration. Correct?
If you want to be extra sure it's as secure as it can be, yes. Anyone storing sensitive data should have a security audit done regularly.
Most security holes come from bad configuration or user error.
Please or to participate in this conversation.