Encourage good security practices so that public files are public and private files are private.
If you are familiar with Laravel’s directory structure, then you know that the public folder is where the index.php file lives.
Other PHP frameworks and apps may take a different approach and add the index.php file directly to the root directory. As long as you direct the server to the “public” directory that contains the index.php file, then the site should render as expected.
However, is that really what you want to do?
Probably not! You want to be careful with what you expose and make accessible to any passer-by of your website. For example, if the folder lookup is set to root, then users can access other files you may not want them to access, such as
This is why Laravel’s directory structure places index.php into the public folder with other “safe to see” resources such as css, js, images, etc. It’s to encourage good security practices so that public files are public and private files are private.
But, what about Laravel-based apps that add index.php to root?
Surprisingly, there are many popular Laravel-based web apps that do not follow this structure and expose the index.php in the root directory. I’d suggest making the necessary updates that encourage good security.
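To see the difference between the two document-root choices, the following audit script (an added example, not code from Laravel or from any of the apps mentioned) lists every URL path that would resolve to a file outside the public folder. It assumes the worst case of a server that answers any file under its document root, and the sample tree is constructed from a few file names of a standard Laravel skeleton.

```python
import os
import tempfile
from pathlib import Path

# Constructed sample: a few paths from a standard Laravel skeleton (assumed names).
SAMPLE_TREE = {
    ".env": "APP_KEY=constructed-placeholder\n",
    "composer.json": "{}\n",
    "config/database.php": "<?php return [];\n",
    "storage/logs/laravel.log": "constructed log line\n",
    "public/index.php": "<?php // front controller\n",
    "public/css/app.css": "body{}\n",
}

def build_sample(project: Path) -> Path:
    """Write the constructed tree under `project` and return it."""
    for rel, body in SAMPLE_TREE.items():
        path = project / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
    return project

def url_reachable(docroot: Path) -> dict:
    """Map every URL path under the document root to the real file behind it."""
    docroot = docroot.resolve()
    found = {}
    for dirpath, _dirs, files in os.walk(docroot, followlinks=True):
        for name in files:
            entry = Path(dirpath) / name
            found["/" + entry.relative_to(docroot).as_posix()] = entry.resolve()
    return found

def exposed_private(project: Path, docroot: Path, public_dir: str = "public") -> list:
    """URL paths whose real file lies outside the project's public folder."""
    public = (project / public_dir).resolve()
    return sorted(url for url, real in url_reachable(docroot).items()
                  if not real.is_relative_to(public))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        project = build_sample(Path(tmp))
        print("docroot = project root:", exposed_private(project, project))
        print("docroot = public/     :", exposed_private(project, project / "public"))
        # A symlink inside public/ that points back into private storage is still caught.
        os.symlink(project / "storage", project / "public" / "files")
        print("public/ with symlink  :", exposed_private(project, project / "public"))
```

Run against a real checkout by passing the project path and the document root your server configuration actually uses; an empty list means only files under the public folder are reachable by path.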