From my experience, if you use shared hosting, I have several suggestions:
Never put any sensitive information in ~/www or ~/public_html (such as .env).
All hidden information should be kept in hidden files. On Unix, a hidden file is one whose name starts with a dot, which is why it is named .env.
Use complicated passwords that are nonetheless easy for you alone to remember.
Buy an SSL certificate and set it up for your account, so that HTTPS is used for everything.
Always remember: you are on a shared host with many others, so local attack attempts can happen.
I personally run sites on both shared hosting and my own servers, but shared hosting is only for small sites with unimportant stuff. For big or important ones, I run on my own servers, over which I have full control.
What I've done on DirectAdmin servers is to place the project in ~, remove the ~/public_html folder and make a symlink called public_html to public. This makes sure that the public folder is the only folder actually accessible from the internet.
You could do the same for a cPanel server, but I'm not sure which directories it uses.
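The layout from the answer above, written out as an added example (not code from either answer): it assumes the DirectAdmin-style convention that `$HOME/public_html` is the web root, builds a throwaway "home" directory with constructed sample files, shows the weak layout (project copied into `public_html`, `.env` web-reachable) beside the corrected one (`public_html` replaced by a symlink to `public`), and checks whether `.env` is reachable under the resolved web root. The `bad_layout`, `good_layout` and `env_exposed` names are this example's own.

```sh
#!/bin/sh
# Added example: compare two ways of placing a Laravel-style project on a
# shared host and test whether .env ends up inside the web root.
# Assumes the web root is $HOME/public_html (DirectAdmin convention as
# described above). All paths are inside a constructed sandbox directory,
# so the script touches nothing real.
set -e

# write_project DIR: create a constructed sample project under DIR
# (a .env with a placeholder value and a public/ front controller).
write_project() {
  mkdir -p "$1/public"
  printf 'APP_KEY=constructed-placeholder\n' > "$1/.env"
  printf '<?php // front controller\n' > "$1/public/index.php"
}

# bad_layout HOME_DIR: the weak setup, whole project copied into public_html,
# so .env sits directly under the document root.
bad_layout() {
  rm -rf "$1/public_html"
  mkdir -p "$1/public_html"
  write_project "$1/public_html"
}

# good_layout HOME_DIR: the corrected setup from the answer above; project
# lives in HOME_DIR, the real public_html directory is removed and replaced
# by a symlink to the project's public/ folder.
good_layout() {
  write_project "$1"
  rm -rf "$1/public_html"
  ln -s "$1/public" "$1/public_html"
}

# env_exposed HOME_DIR: exit 0 if .env is reachable under the web root
# (symlinks resolved with pwd -P), 1 otherwise.
env_exposed() {
  webroot="$(cd "$1/public_html" && pwd -P)"
  [ -e "$webroot/.env" ]
}

# Stand-alone demo in a temporary sandbox.
demo() {
  sandbox="$(mktemp -d)"
  bad_layout "$sandbox"
  if env_exposed "$sandbox"; then
    echo "bad layout:  .env is under the web root"
  fi
  good_layout "$sandbox"
  if env_exposed "$sandbox"; then
    echo "good layout: .env is STILL under the web root"
  else
    echo "good layout: .env is outside the web root (served dir: $(cd "$sandbox/public_html" && pwd -P))"
  fi
  rm -rf "$sandbox"
}

demo
```

On a real account, run `good_layout "$HOME"` only after confirming the host serves `public_html` through the symlink; `env_exposed "$HOME"` is then a quick check that the project's `.env` is not web-reachable.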