How to remove the public path from Laravel

Published on March 23, 2020

Unlike WordPress, CodeIgniter and other PHP-based frameworks, Laravel doesn’t serve the index.php file, the entry point of HTTP requests, in its root directory. Instead, a public directory is there and Laravel expects the document root of the webserver to be that public directory.

Although this approach is extremely desirable in terms of security, someone would face issues, particularly in a shared hosting environment, where there isn’t any possibility to set the document root for the domain to be the public directory of the Laravel project.

Anyways, it doesn’t matter what the reason is here for you to remove the public path from a Laravel project, I’m guiding you through the steps to modify the Laravel files so the public path will not be needed.

#1 Get Rid of .env File

Laravel uses the .env file stored in the root directory to store almost all of its configuration ranging from the database connection details to payment gateway providers’ keys.

When the public path is there and the domain is mapped to that public directory, your sensitive details present in .env file are fully secure. But when you will remove the public directory, your .env file will be exposed to the public unless it is protected using .htaccess file or vhost-level configurations (in either Apache or NGINX).

You may keep this file and modify your server configuration to protect it from public access, but I prefer that it should be deleted completely. This .env file’s values are used by config files present in the config directory, like database.php, services.php and so on. I recommend that you should provide the values directly in those configuration files.

When committing changes to a version control system like BitBucket or GitHub, you should exclude the config files and include sample config files like WordPress does.

#2 Renaming files

In the root directory, rename server.php to index.php. Now from public/index.php file, copy all the code to index.php file in root that you just renamed so it will look like this:

Now you should copy .htaccess file from public to the root directory as well if this Laravel app is being served from an Apache or other server that supports .htaccess.

That’s it. Now your Laravel project can be served without requiring the public directory.


I discourage this and I don’t have any reason to defend the approach that I shared above. Where this approach may result in several security-related issues, several core functionalities of the framework would break too.

For example, Laravel Storage library, asset helper, mix helper, and several other core components are configured to function in the presence of the public directory. So removing the public directory may result in several issues and may break your web app.

If you don’t like the public directory to be there, I recommend that you should not use Laravel and you should use CodeIgniter or even use WordPress as I consider WordPress to be an awesome PHP framework. Or if this approach serves your needs, you can use it by taking proper care of security.

Do you have any questions or suggestions? You can discuss it in the comments.

Tagged: laravel

Rehmat Alam

Rehmat Alam

I'm a web developer & an open-source lover from Gilgit-Baltistan, Pakistan. I occasionally write here about what I find to be helpful for the community.


No comments found!

Post a comment