DEV Community

Adam Miedema
Adam Miedema

Posted on • Edited on

Keep index.php in your public folder

Encourage good security practices so that public files are public and private files are private.

If you are familiar with Laravel's directory structure, then you know that the public folder is where the index.php file lives.

Alt Text

Other PHP frameworks and apps may take a different approach and add the index.php file directly to the root directory. As long as you direct the server to the "public" directory that contains the index.php file, then the site should render as expected.

However, is that really what you want to do?

Probably not! You want to be careful with what you expose and make accessible to any passer-by of your website. For example, if the folder lookup is set to root, then users can access other files you may not what them to access, such as composer.json. 😱

This is why Laravel's directory structure places index.php into the public folder with other "safe to see" resources such as css, js, images, etc. It's to encourage good security practices so that public files are public and private files are private.

But, what about Laravel-based apps that add index.php to root?

Surprisingly, there are many popular Laravel-based web apps that do not follow this structure and expose the index.php in the root directory. I'd suggest to make the necessary updates that encourage good security.

Top comments (1)

Collapse
 
puncoz profile image
Puncoz Nepal

Just moving the index.php file from other directories to public will work?? I mean what about the path of imported php files inside the index.php ?? 🤔