As a developer, keep in mind that PHP, like any other programming platform, is not secure by itself. It can be hacked: a website written in PHP can be stolen or compromised. There are tools and exploits for attacking it; PHP itself has had vulnerabilities, and the PHP code you write can have its own. So I have a few suggestions for you.
- Always code for the latest PHP version.
- Keep register_globals (the Globals setting) off in php.ini (PHP settings).
- Use up-to-date open source PHP software such as WordPress, and always upgrade to its latest version. Any open source PHP software is more likely to be vulnerable because its code is public, which is why the projects publish upgrades and security updates. Install them.
- Always keep backups, at least on a weekly basis if your website is updated daily.
- Set the right CHMOD (file permissions) for directories and files on the server.
- No file or folder on your server should be CHMOD 777.
- If you need 777, set it from the script you are working with. Suppose you want a directory CHMOD 777 temporarily, say so that files can be uploaded into it. Have the script set that mode, and have the script CHMOD it back to normal when the upload is done.
- Whenever you create a new PHP website, check it online after uploading for vulnerabilities using vulnerability scanners.
- Do not use insecure forms. Make sure your forms are secure and validate both locally (in the browser) and on the server side. Validate every user input and only then proceed. Every single input field you place on a website gives an attacker a place to try something. Use CAPTCHAs.
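As an added example (my code, not from the post) of the two points above on temporary permissions and server-side validation, assuming PHP 8 on a POSIX system with a writable temp directory; the 0770 mode, the file-name whitelist and all helper names are my own choices:

```php
<?php
// Added example, not from the original post. Assumes a PHP 8 CLI with
// write access to the system temp directory; all paths are constructed here.

// Server-side validation of a user-supplied file name: whitelist only,
// never trust the browser's value ("validate every user input").
function validateUploadName(string $name): ?string
{
    // Letters, digits, dot, dash, underscore; first char may not be a dot,
    // so '.', '..', dotfiles and '../x' are all rejected.
    if (!preg_match('/^[A-Za-z0-9_-][A-Za-z0-9._-]{0,63}$/', $name)) {
        return null;
    }
    return $name;
}

// Make a directory writable only for the duration of $work, then put the
// original permission bits back even if $work throws ("set 777 via script").
// The post talks about 777; 0770 is used here as my assumption, because the
// last 7 (world-writable) lets any local account drop files into the folder.
function withWritableDir(string $dir, callable $work, int $mode = 0770): mixed
{
    $original = fileperms($dir) & 0777;
    if (!chmod($dir, $mode)) {
        throw new RuntimeException("chmod failed on $dir");
    }
    try {
        return $work($dir);
    } finally {
        chmod($dir, $original);   // restore, whatever happened inside
    }
}

// Audit helper: flag anything left world-writable ("no 777 on the server").
function isWorldWritable(string $path): bool
{
    clearstatcache(true, $path);
    return (fileperms($path) & 0002) === 0002;
}

// Constructed demo run.
$dir = sys_get_temp_dir() . '/php-sec-demo-' . getmypid();
mkdir($dir, 0750);
$bad = validateUploadName('../../etc/passwd');   // null: rejected
$ok  = validateUploadName('report-2024.pdf');    // 'report-2024.pdf'
withWritableDir($dir, fn($d) => file_put_contents("$d/$ok", "constructed content"));
clearstatcache();
printf("rejected=%s accepted=%s restored=%o world_writable=%s\n",
    var_export($bad, true), $ok, fileperms($dir) & 0777, var_export(isWorldWritable($dir), true));
unlink("$dir/$ok"); rmdir($dir);
```

Run it with `php example.php`; the restored mode prints as 750 and world_writable as false, showing the directory was only writable while the callback ran.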
XSS Or Cross Site Scripting