You can add a rule to your .htaccess file to block access to .env or any other sensitive file. <Files .env> Order allow,deny Deny from all You can read this blog for refrence https://techronixz.com/blogs/secure-laravel-application#:~:text=versions%20and%20changes.-,2.%C2%A0Secure%20Your%C2%A0.env%C2%A0File,that%20only%20the%20application%20and%20necessary%20server%20processes%20can%20read%20it%3A,-chmod%20600%20.env