How to hide .env file

which Laravel version you are using ? and did you try the same thing from you local server ?

I'm using Laravel 5, change the APP_ENV=Production but can still access it when i go to domain/com/laravel/.env

I just check locally... i can't access .env file. but i can access it online when i navigate to domain.com/laravel/.env laravel is a folder where i store the laveral file excluding the public files. I'm using share hosting, all my domain file was deleted 24hours ago, call Godaddy, they ask me to pay $150 for recover my file... please i need to secure my .env file. Thanks

I don't understand. which domain files are you talking about ? & how is that related to .env file

just delete the .env file from your server and create a new one ,dont give full permission to that and add you configuration details . i hope this will help.

if you install correctly it should be above the root directory and inaccessible.

#1 starter error

basically it out of the public directory which is not accessable through browser.

That is why the vhost root must be the public folder

Nginx? Here's how to hide everything important https://bashy.im/blog/nginx-security-protect-htaccess-dot-and-dollar-sign-files

You may Add This line in your htaccess RewriteRule ^.env - [F,L,NC]

We need a thumbs-down button

Oh my goodness this has only been discussed several hundred times.

I'm actually tired of putting the link in a post at least once a week. To all users, please do a search.

@jlrdw don't worry, just an old thread coming back... 2 years old

@Snapey I use the spam button, maybe it do the work ?

Maybe laracasts could give some of the users with 1.000.000XP the "veteran" status that allows them to mark answers as "SUPER DEPRECATED SOLUTION" =)

Sorry I was on phone and it doesn't show how old the thread was my apologies.