PHP remains the most popular server-side language for websites and web applications. According to the latest data from w3techs, it is used by 79% of websites whose server-side language is known. Therefore, secure PHP programming and configuration are of critical importance.

PHP Security

There are more reasons, why PHP should be treated with extra care when it comes to security. It is a very forgiving language, which makes it easier to introduce simple errors. There are also many libraries and extensions that can introduce errors beyond your control. Last but not least, the approach to PHP security is often lax. For example, many administrators fail to keep the engine updated.

How To Keep PHP Secure

To help you keep your PHP applications and environment secure, read our comprehensive, five-part guide that was prepared by our development and research team:

    • In Part 1, we talk about the problem of SQL Injections in PHP and how to prevent them.
    • In Part 2, we focus on other typical PHP vulnerabilities: Code Injection and Directory Traversal.
    • In Part 3, we teach you how to prevent Cross-site Scripting and how to securely store passwords.
    • In Part 4, we go through various configuration settings that are important to PHP security.
    • Finally, in Part 5, we finish off with some helpful tips and tricks.
Tomasz Andrzej Nidecki
Principal Cybersecurity Writer
Tomasz Andrzej Nidecki (also known as tonid) is a Primary Cybersecurity Writer at Invicti, focusing on Acunetix. A journalist, translator, and technical writer with 25 years of IT experience, Tomasz has been the Managing Editor of the hakin9 IT Security magazine in its early years and used to run a major technical blog dedicated to email security.