Print Layout Pro

Private deploy guide for server-side secrets, API protection, cron safety and clean production files.

Release Center QA Runner

ReleaseV17.2

FocusSecurity

SecretsServer config

DeployControlled

Step 1

Create server config

Required

Copy /api/config.local.php.example to /api/config.local.php inside Hostinger and paste the real values there only.

api/config.local.php
resend_api_key
supabase_url
supabase_anon_key
cron_secret

Step 2

Protect API config

Included

Upload /api/.htaccess. It blocks direct access to config files, helper files and backup/log files inside the API folder.

api/.htaccess
api/_bootstrap.php
api/config.local.php.example

Step 3

Root protection

Manual merge

Use htaccess-security-snippet.txt as a guide. Merge it into your current public_html/app/.htaccess after taking a backup.

Do not blindly replace .htaccess.
Back up first.
Merge only the security rules you need.

Step 4

Rotate exposed keys

Important

Any server key previously pasted in PHP or shared in a chat should be rotated in the provider dashboard, then stored only in config.local.php.

Rotate Resend key
Confirm cron secret
Confirm Supabase RLS remains active

V17.2 Deploy checklist

Upload api/_bootstrap.php Upload api/.htaccess Create api/config.local.php from the example file Upload updated API PHP endpoints Merge root htaccess security snippet carefully Test send email, project notification, payment proof upload, recurring cron and reminder cron Run QA Runner after deploy