Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi, I recently deployed a Laravel 11 in Hostinger using GIT. I'll be calling it "website.com". For some reason, Hostinger shared hosting only allows for GIT deployments inside /public_html/ folder, which is the document root, so I deployed in /public_html/website.com/ (folder name same as domain for convenience). As the document root cannot be changed, I created an .htaccess file inside public_html, to point requests to Laravel's public folder at /website.com/public/ . This works fine and the webiste is fully operative.
However, there's a weird issue where if I type in my browser "https://website.com/website.com/public", it also gets me to the home, and I can navigate the site from there too. For some reason, any url can be replicated in that subpath, for example: "https://website.com/media" can also be accessed as "https://website.com/website.com/public/media"
I don't know how to fix this and prevent this duplicity. Also, I'm concerned about security. Here is the .htaccess that I've put in /public_html/
# Redirect all requests to Laravel public folder
RewriteCond %{HTTP_HOST} ^(www.)?website.com$ [NC]
RewriteCond %{REQUEST_URI} !^/website.com/public/
RewriteRule ^(.*)$ /website.com/public/$1 [L]
There's also the Laravel 11 default .htaccess inside the public folder. I haven't modified or deleted it since I don't know what to do with it.
Any tips?
It looks like I found a solution, I added this at the very beginning of Laravel's .htaccess file (inside /public):
RewriteEngine On
RewriteCond %{THE_REQUEST} "/website.com/public" [NC]
RewriteRule ^ / [R=301,L]
And now if I try to access the duplicated paths, I get redirected to the domain root. Not sure if this is the best way to fix it, but I checked if any sensitive file could be accessed and it looks like I'm good. Hope it helps someone.
The best way, and the safest is to correctly set the document root.
@Snapey You're right. But Hostinger shared hosting won't let me change the document root, it is set to /public_html . There's a file at the same level named "DO_NOT_UPLOAD_HERE", suggesting that I should not upload files outside of /public_html for whatever reason. And their GIT deployment panel only allows to deploy within /public_html
In their support page they say that I should create a redirect with .htaccess file https://support.hostinger.com/en/articles/1583494-what-is-the-path-to-your-website-s-root-home-directory-and-how-to-change-it "The home directory cannot be changed on our Web, WordPress, and Cloud hosting packages due to control panel restrictions. Alternatively, you can host your files on a subdirectory and create a redirect on your .htaccess file as follows:"
So that's what I did, but then I had the duplicated paths issue.
I know the best solution would be to set the document root, but I found these limitations on Hostinger shared hosting
The home directory cannot be changed on our Web, WordPress, and Cloud hosting packages due to control panel restrictions. Alternatively, you can host your website with a different provider.
Thats how I would read it.
Please or to participate in this conversation.