Pull `.env` out of web root

[schlessera]

As the composer.json will normally be located in the web root, the accompanying .env file will also be located there.

As this file contains all sorts of credentials, it would be preferable to pull it out of the web root (into its parent folder).

So I suggest adding this functionality to the Loader extension, and letting people opt-in to this behaviour through Composer extra information, to not introduce BC issues.

I will prepare a PR with how I would implement this, but any feedback is welcome.

[GaryJones]

The writing of the .env.example should probably try and take advantage of this too, with fallback to current dir, and notice within the command line output, if it can't write to the parent directory.

The composer extra option should be treated as a preference, but the installer should give a working setup at the end regardless.

[gmazzap]

Surely .env goes out of webroot. I normally put it in root folder, but place webroot in a subfolder.

This is also the suggested way in documentation: have a /public subfolder as webroot.

I think it's easier to use a subfolder for webroot instead of assuming that wp starter root is the webroot. This is the way most frameworks works...

[schlessera]

@Giuseppe-Mazzapica: That makes total sense and should be the recommended way.

But what would you suggest for a scenario where the webroot can not be moved (developer != sysop)?

[gmazzap]

@schlessera in a lot of cases a .htaccess can be used to set webroot to subfolder.

Even if that probably won't work with nginx...

[gmazzap]

Moreover, most control panels like cPanel and similar allow to setup webroot...

[schlessera]

Yes, but this only works given the right access. In my particular use case, there's an IT department that creates a space for the website, and the developers are meant to fill it in with HTML & PHP. No cPanel access and only a limited subset of .htaccess.

That's why I wanted to find a way for WPStarter to allow for a more flexible placement for .env.

[schlessera]

I realize this might not be the most common scenario, but currently WP-Starter does not provide any entry point for providing a custom path to .env. I don't intend to change the default or recommended behaviour, just provide something to support some more edge cases.

[gmazzap]

that's sounds fine. There's possibility to provide custom .env file name, have you tried to use a relative path like ../.env? Not sure it will work, but it could.

[franz-josef-kaiser]

@Giuseppe-Mazzapica About Nginx there's the root directive that allows to set a different document root for each server you define. In short, it's possible, in fact there is no difference to Apache.

[gmazzap]

v3 provides a way to customize location of .env file.

Since this is not gonna change for v2, I consider this done and will close it.

Thanks anyone involved.