Elegant Laravel Logo

Your Guide to Laravel Excellence

How to Restrict php artisan migrate:fresh on a Laravel Production Server

How to Restrict php artisan migrate:fresh on a Laravel Production Server

To prevent accidental data loss in your production environment, Laravel provides built-in ways to restrict destructive database commands, such as:

php artisan migrate:fresh

php artisan migrate:refresh

php artisan migrate:reset

php artisan db:wipe

Step 1: Set Environment to Production

Make sure your production .env file contains:

APP_ENV=production

Step 2: Add Restrictions in AppServiceProvider

Open app/Providers/AppServiceProvider.php and update the boot() method:

use Illuminate\Database\Console\Migrations\FreshCommand;
use Illuminate\Database\Console\Migrations\RefreshCommand;
use Illuminate\Database\Console\Migrations\ResetCommand;
use Illuminate\Database\Console\WipeCommand;
use Illuminate\Support\Facades\DB;

public function boot(): void
{
    // Automatically prohibit destructive commands in production
    DB::prohibitDestructiveCommands($this->app->isProduction());

    // OR, individually prohibit specific commands
    if ($this->app->isProduction()) {
        FreshCommand::prohibit();
        RefreshCommand::prohibit();
        ResetCommand::prohibit();
        WipeCommand::prohibit();
    }
}

What This Does

DB::prohibitDestructiveCommands(true)

→ Laravel will automatically restrict commands like:

migrate:fresh

migrate:refresh

migrate:reset

db:wipe

You can also prohibit them manually (as shown) for more control or clarity.

If you try to run a restricted command in production, you’ll see:

Command prohibited in production environment.

⚠️ Important: Never run destructive commands like migrate:fresh in production without fully understanding the consequences. These commands will delete all your data.

Example for Custom Artisan Commands

If you're creating your own destructive command, you can restrict it like this:

use Illuminate\Console\Command;
use Illuminate\Console\Concerns\Prohibitable;

class SomeDestructiveCommand extends Command
{
    use Prohibitable;

    protected $signature = 'custom:destructive-action';

    public function handle()
    {
        // your destructive logic here
    }
}

Then in your AppServiceProvider, you can call:

SomeDestructiveCommand::prohibit($this->app->isProduction());

By following these steps, you safeguard your production database from destructive mistakes while maintaining flexibility in development environments.

Recommeded Posts

Guide to Session Management and Flash Messages in Laravel

Guide to Session Management and Flash Messages in Laravel

Learn how to use Laravel's session management and flash messages. This comprehensive guide covers storing data, handling user states, and displaying temporary notifications in your Laravel applications.

2 months ago Read article →
How to Handle Job Failures in Laravel 12 with FailOnException

How to Handle Job Failures in Laravel 12 with FailOnException

Learn how to handle job failures in Laravel 12 using the new FailOnException trait. Clean up your job classes, avoid repetitive boilerplate, and follow Laravel best practices with this simple guide.

2 weeks ago Read article →
How to Accept Credit Card Payments in Laravel 12 Using Square

How to Accept Credit Card Payments in Laravel 12 Using Square

Learn how to easily add Square credit card payments to your Laravel 12 website. Step-by-step guide for secure and smooth payment integration.

1 month ago Read article →
Soft Deletes in Laravel: Using withTrashed() and onlyTrashed() in Eloquent Queries

Soft Deletes in Laravel: Using withTrashed() and onlyTrashed() in Eloquent Queries

Soft Deletes in Laravel: Using withTrashed() and onlyTrashed() in Eloquent Queries

2 months ago Read article →
esc to close