I have used Laravel 5.7 and built a website (1000+ pages) and mainly used templating / routing, views. No backend or database related. Today, somebody tried to hack my website using "wp-config-sample.php" and it's uploaded in the public_html directory. How come it's possible without using FTP? Please advise how to avoid this kind of hacking.
I guess a hacker might be thinking my website is built with WordPress and put this file to hack. Luckily he can't do with Laravel?
I checked all the pages and site, it did not get damaged anything.