Deployment to remote shared web host?

I think I talked about this before, but don’t remember. I’ve read the Slim 3/4 docs on deployment to remote web server. I typically use ‘rsync’ command with a “–exclude-from” of files not to copy like this:

rsync -rav --exclude-from 'publish-exclude-list.txt' ./ user@remote:~/{subdir}/

This copies all my files and all the “vendor” files from the Slim skeleton. Not to long back, my website got hacked because the vendor/phpunit has the ability for hackers to do some not-so-great ™ things.

So I updated my exclude list to be like this

Does anyone have recommendations of other Slim Skeleton files not to deploy beside phpunit?


It’s always a good practice to exclude any unnecessary files or directories when deploying a web application, to minimize the risk of security vulnerabilities and reduce the deployment time.

To start with, I would recommend creating a build script that generates a deployment “artifact”.

This script would call for example the composer install --no-dev --optimize-autoloader command to install only the needed dependencies and to optimize the composer autoloader for performance.

@odan the problem is, aside from

	"require-dev" : {
		"phpunit/phpunit" : ">=4.8"

I don’t know what else I should NOT deploy. I’m looking for ideas specifically from others or the author of the Slim Skeleton app.