Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I currently host multiple websites using cPanel on a VPS via Ramnode.
I have taken a liking to Laravel Forge and it's interface. It's ease of use and quick branch deployment is definitely a PRO for me.
I've been considering moving the sites over to a droplet and managing them via Forge. However, I have concerns about security. I suppose I would have to create separate users for each NGINX config file to run under? Are there any other security concerns I should keep in mind? I do not host any emails for any of the websites.
You don't have to create separate users. The default "forge" user is fine. You're the only one with the ssh key and the sudo password. The only thing I'd really do is lock down ssh access and restrict by ip or something, but that's really outside of Forge. Like my firewall rules are set in AWS.
@Cronix If a website was compromised and was running under Forge (Along with the others) wouldn't it be able to potentially affect every other website on the server?
Sure, but at the same time, if someone can compromise one, they can probably compromise the others. Especially if they are all using the same code, like Laravel. Really it comes down to server security and not allowing anybody to have access to what they don't need or shouldn't have. Like if they have your forge credentials, then everything is compromised no matter how many users you have set up, since forge is a sudo user.
If you want to go through the trouble of securing each one individually, I think I'd run each site on it's own server which would make things a lot simpler to maintain.
Please or to participate in this conversation.