In this article I explain about how to and Why to protect .env file in your Laravel Project. .env file is located in your Laravel Project Root Folder.
Why to Protect .env File
.env is used to store the most secret information of our Laravel application such as database credentials, application key, Mailer Credentials or any third-party service credentials and more..
If we can’t Protect our application .env File, they listed in google search publicly. So, hackers to get our secret information without any effort.
you can check in google search using following Words
DB_USERNAME filetype:env APP_DEBUG filetype:env DB_PASSWORD filetype:env
How to Secure .env File
1. If you host your Application in shared hosting please make sure that the root folder of your Laravel application is not accessible from the outside.
2. Change your .env File Permision to 400 or 440. so that file can not be accessed by public users.
3. Another way you add below code to your .htaccess file to set permission of .env file.
<Files .env> Order allow,deny Deny from all </Files>