How To Secure Laravel Website From Hackers

  • 10-06-2022
  • Laravel 9
  • Haresh Chauhan


Laravel is an open-source PHP framework used to build web applications and server-side scripts. However, the framework on its own cannot guarantee that your web application is 100% secure from hackers and security issues. You need to take further steps toward a more secure application, even though each version of the framework tightens security to protect sites from hackers.

It is common for hackers to find your site's links and, through them, your data and important keys. Insecurely developed sites also put data, tokens, keys, and CSRF forms at risk.

So in this post, I would like to show you how to keep the .env file of your Laravel application safe from hackers and how to set debug mode to false so that server errors are hidden.

Secure Data

Setting APP_DEBUG to false hides server errors from hackers if your application runs into one. The error logs are not shown, so it is hard to tell what went wrong on the server.

As a result, hackers cannot see the error logs and are not able to go deeper.

.env
APP_DEBUG=false

Add Blacklist

Add the code below to your app.php file. It hides your cookie, server, and environment variables from the browser and logs.

config/app.php

'debug_blacklist' => [
    '_COOKIE' => array_keys($_COOKIE),
    '_SERVER' => array_keys($_SERVER),
    '_ENV' => array_keys($_ENV),
],

This setting helps you hide your debug console from hackers.

.htaccess

In a Laravel project, all the credentials are set in the .env file, so it is especially important to hide the .env file.

The script below blocks access to the .env file when someone requests http://localhost:8000/.env, so the file cannot be opened.

Secure .env

# Disable Directory listing
Options -Indexes

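# Block files that need to be hidden; list the file extensions here (for example, .example)
# Order/Deny is Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for it, or use "Require all denied"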
<Files ~ "\.(env|json|config.js|md|gitignore|gitattributes|lock|example)$">
    Order allow,deny
    Deny from all
</Files>

# List full file names here, separated by '|'
<Files ~ "(artisan)$">
    Order allow,deny
    Deny from all
</Files>
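To check what these two measures actually cover, here is an added example (not code from the original post) that applies the two `<Files>` patterns above to a list of file names and reads a .env body for APP_DEBUG. The file list, the sample .env text, and the function names are constructed for illustration, and the set of false values assumes a stock config/app.php.

```python
import re
from pathlib import PurePosixPath

# The two <Files ~ "..."> patterns from the .htaccess above, copied verbatim.
DENY_PATTERNS = [
    r"\.(env|json|config.js|md|gitignore|gitattributes|lock|example)$",
    r"(artisan)$",
]
# Values that end up false after env() and the (bool) cast in a stock
# config/app.php (assumption about the target app).
FALSY = {"", "false", "(false)", "0", "null", "(null)", "empty", "(empty)"}


def is_denied(path: str) -> bool:
    """True if the rules deny a request for this path.
    <Files> is matched against the file name only, not its directory."""
    name = PurePosixPath(path).name
    return any(re.search(p, name) for p in DENY_PATTERNS)


def debug_enabled(env_text: str) -> bool:
    """True if any APP_DEBUG assignment in the .env text is truthy (conservative)."""
    for line in env_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "APP_DEBUG":
            value = value.split(" #")[0].strip().strip("\"'").lower()
            if value not in FALSY:
                return True
    return False


def audit(paths, env_text):
    """Return findings: debug left on, and sensitive files still reachable."""
    findings = []
    if debug_enabled(env_text):
        findings.append("APP_DEBUG is on")
    findings += [f"not blocked: {p}" for p in paths if not is_denied(p)]
    return findings


# Constructed sample: files an operator considers sensitive, plus a .env body.
SENSITIVE = [".env", ".env.backup", ".env.production", ".env.example",
             "composer.json", "composer.lock", "artisan",
             "storage/logs/laravel.log"]
SAMPLE_ENV = 'APP_NAME=Demo\nAPP_DEBUG="true"\nDB_PASSWORD=constructed\n'

if __name__ == "__main__":
    for finding in audit(SENSITIVE, SAMPLE_ENV):
        print(finding)
```

Names reported as not blocked, such as copies of .env with an extra suffix, either need their own entry in the pattern or should be kept out of the served directory.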

Thank you for reading our blog.

