DEV Community

Cover image for How to Prevent Disasters in Laravel (A Critical Tip for Professional Developers)
Aboozar Ghaffari
Aboozar Ghaffari

Posted on

How to Prevent Disasters in Laravel (A Critical Tip for Professional Developers)

#php #laravel #tutorial #security

Running powerful Artisan commands like php artisan migrate:fresh or migrate:wipe in the wrong environment—especially production—can completely wipe your database in seconds. To prevent such accidents, Laravel (starting from version 11.9) offers a built-in protection mechanism using the Prohibitable trait. In this tutorial, you’ll learn how to lock down destructive commands in production and avoid unintentional data loss with just a few lines of code.

Prohibitable Trait: Smart Protection Against Destructive Commands

As of Laravel 11.9, you can easily lock dangerous commands in production environments. This simple safeguard can save you from catastrophic errors.

How It Works

By adding a few lines of code to your Service Provider, you can disable certain Artisan commands based on the environment.

class AppServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        FreshCommand::prohibit(app()->isProduction());
        RefreshCommand::prohibit(app()->isProduction());
        ResetCommand::prohibit(app()->isProduction());
        RollbackCommand::prohibit(app()->isProduction());
        WipeCommand::prohibit(app()->isProduction());
    }
}
Enter fullscreen mode Exit fullscreen mode

Here’s why it’s crucial:

migrate:wipe – Completely deletes all database tables (WipeCommand)
migrate:fresh – Resets the entire database (FreshCommand)
migrate:reset – Rolls back all migrations (ResetCommand)
migrate:refresh – Resets and reruns all migrations (RefreshCommand)
migrate:rollback – Reverts the last batch of migrations (RollbackCommand)

The key line is:

WipeCommand::prohibit(app()->isProduction());
Enter fullscreen mode Exit fullscreen mode

This line accepts a boolean. If it returns true, the command is prohibited from running.

The expression app()->isProduction() checks your app’s environment—based on the APP_ENV value in your .env file.

A Simpler Solution

Want to handle all dangerous commands in one place? Just add the second code snippet to your Service Provider, and you’ll be protected across the board.

class AppServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        DB::prohibitDestructiveCommands(app()->isProduction());
    }
}
Enter fullscreen mode Exit fullscreen mode

Final Thoughts

If you’re a professional Laravel developer—or even just getting started—this small tip can save you from a major disaster. Don’t wait for a close call to make this part of your standard setup.

Stay safe. Write smart code.
Laravel has your back—you just need to use the tools it offers.

Top comments (0)