tag
shared hosting
2 articles with this tag
2026-06-07
Keeping .env off the public web on shared hosting
The real fix: app body outside the docroot, only public/ exposed. Stop the bleeding with .htaccess, make it permanent by restructuring, then self-check. ITD's view: this isn't one person's slip but an industry-standardized bad pattern — fix it with process, not vigilance. bootstrap-redirect beats symlink.
2026-06-07
Laravel apps' .env was readable by the whole world — the most common shared-hosting mistake
The cause: the whole app sat under the web root; only public/ should be visible. Fix in three steps — .htaccess first aid, rotate keys, restructure — then prevent it with process.