How to Remove Public from url Laravel 12 With Example

Introduction

Laravel 12 uses the public directory as the entry point to serve your application. This setup helps protect sensitive core files. However, many developers prefer to remove public from the URL for cleaner, user-friendly access. In this post, we'll learn how to safely remove the public segment and also prevent sensitive files like .env or package.json from being exposed.

Why Remove "Public" from Laravel URLs?

The public directory isolates public assets and routes all traffic through index.php. But in many hosting environments or client-facing apps, you want URLs like yourdomain.com instead of yourdomain.com/public. We'll show you how to achieve this while keeping everything secure.

Steps

01: Move Files

From the public/ folder, move these two files to your Laravel root directory:

• index.php
• .htaccess

02: Update index.php Paths

After moving, open index.php in the root and update the paths:

// OLD (from public/index.php):
require __DIR__.'/../vendor/autoload.php';
$app = require_once __DIR__.'/../bootstrap/app.php';

// UPDATED (now in root):
require __DIR__.'/vendor/autoload.php';
$app = require_once __DIR__.'/bootstrap/app.php';
    

03: Update .htaccess File

Use this updated .htaccess to protect sensitive files and route traffic correctly:

<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
  Options -MultiViews -Indexes
</IfModule>

RewriteEngine On

# Block access to sensitive files
<FilesMatch "\.(env|json|lock|md|yml|xml|gitignore|gitattributes|ini|log)$">
  Order allow,deny
  Deny from all
</FilesMatch>

# Explicitly deny Laravel sensitive files
<FilesMatch "^(artisan|server\.php|composer\.(json|lock)|package\.(json|lock)|webpack\.mix\.js|vite\.config\.js)$">
  Order allow,deny
  Deny from all
</FilesMatch>

# Authorization header fix
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

# Redirect trailing slashes
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]

# Main front controller
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
    

04: Fix Asset Loading (Optional)

If your assets are still being loaded from /public, set the following in your .env:

05: Restart Server

Restart your development server or re-deploy your production environment after changes.

Conclusion:

Removing /public from your Laravel 12 app’s URL is easy but must be done with care. Use the steps above and secure your sensitive files using a properly configured .htaccess. This ensures your app stays both professional and safe.