Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi !
I'm working on my first laravel project and i'm currently deploying it.
I'm on a shared hosting, and i cannot access higher than public on the ftp.
How can i secure everything outside the laravel public directory ? ( mostly the .env ) For the moment, i just restricted rw rights.
Do you have further information on this ?
EDIT :
There are many projects on this shared hosting, my path looks like :
/path/to/app/ public /routes
The app is in a subfolder containing other projects, and upper folder contains different things like company website, blog, demos...
You should ask your hosting provider about this. Even if they won't give you access to the parent directory, they should be able to create a subdirectory and point your domain there instead (so that your top level directory isn't publicly visible anymore).
@Nash Thanks i'll contact them.
I'll edit my question to reflect these additions :
There are many projects on this shared hosting, my path looks like :
/path/to/app/ public /routes
The app is in a subfolder containing other projects, and upper folder contains different things like company website, blog, demos...
If your hosting package doesn't give you the option to create your own subdomain or set it the way Nash offered, now might be the right time to switch to a private server like a VPS.
Especially since you mention your project/package being a company site with different things, the company should really invest in an infrastructure to suit their needs.
Yes, have folder structure correct, get better host see
http://novate.co.uk/deploy-laravel-5-on-shared-hosting-from-heart-internet/
and
Otherwise there will be security holes.
Thanks, i'm looking to set a VPS server which would be used only for Laravel.
Does any of you can point me on a good tutorial to deploy on a VPS ?
Please or to participate in this conversation.