PHP Security

Open-source PHP projects categorized as Security

Top 23 PHP Security Projects

  • Matomo

    Liberating Web Analytics. Star us on Github? +1. Matomo is the leading open alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. We love Pull Requests!

    Project mention: What is the proper way to see how many monthly active users you have? | | 2023-01-27 is open source and GDPR compliant

  • labs

    This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.

  • Cloudways

    Managed Cloud Hosting Platform. Cloudways leverages advanced technology and powerful servers. Cloudways is a one-click managed cloud hosting platform that provides cloud application and server management solutions. Get up to 2 months of Free Hosting by using code "LIBHUNT" and get a $30 free hosting credit.

  • random_compat

    PHP 5.x support for random_bytes() and random_int()

  • DVWA

    Damn Vulnerable Web Application (DVWA)

    Project mention: Vulnerability Management Practice Lab | | 2022-11-19

    You could spin up a version of dvwa and scan that.

  • awesome-appsec

    A curated list of resources for learning about application security

    Project mention: Aside from OWASP, are there other relevant certs to get for App Sec? | | 2022-08-23

    For resources :

  • PHPSecLib

    PHP Secure Communications Library

    Project mention: Asymmetric encryption | | 2022-12-30

    PHP libraries that provide support for asymmetric encryption OpenSSL: phpseclib: Sodium:

  • PrivateBin

    A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.

    Project mention: - A privacy focused pastebin service w/ IPFS support | | 2023-01-23

    How is it different from PrivateBin?

  • InfluxDB

    Build time-series-based applications quickly and at scale.. InfluxDB is the Time Series Platform where developers build real-time applications for analytics, IoT and cloud-native services. Easy to start, it is available in the cloud or on-premises.

  • MISP

    MISP (core software) - Open Source Threat Intelligence and Sharing Platform

    Project mention: MISP at scale on Kubernetes | | 2022-11-17

    Yes but … the frontend/ui is still trying to check the health of each process by checking in /proc/{PID} like in previous and shows that the process maybe start but it couldn’t check if it’s alive or not. An issue was created and we’re waiting for the patch to be integrated in a future version.

  • pfSense

    Main repository for pfSense

    Project mention: Where can I get hands on practice for cybersecurity as a beginner over internet for free? | | 2023-01-25
  • PHP Encryption

    Simple Encryption in PHP.

    Project mention: What's new in phabalicious 3.8? | | 2022-08-22

    Phab supports now encryption and decryption of files and strings. It uses defuse/php-encryption, a widely used library for encryption under the hood. You can encrypt files in a script with

  • Passbolt

    Passbolt CE Backend, a JSON API written with Cakephp

    Project mention: New Deployment Option for Self-Hosting Bitwarden | | 2022-12-08

    I don't have anything to do with this particular app - but came across this the other day. Its specifically built for managing credentials across an org.

  • bouncer

    Eloquent roles and abilities.

    Project mention: Best way to only allow a user to view their own models? | | 2022-10-12

    Bouncer on the other hand supports scoped permission assignments where the assigned permission applies to a specific model only.

  • HTML Purifier

    Standards compliant HTML filter written in PHP

    Project mention: User-friendly and safe templating engine? | | 2022-12-15

    For HTML specifically, HTMLPurifier is pretty well known.


    PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

    Project mention: An Unsafe Deserialization Vulnerability and Types of Deserialization | | 2022-12-10


  • SensioLabs Security Check

    A database of PHP security advisories

    Project mention: Laravel Security Alerts | | 2022-08-08

    We use snyk, but I have found symfonys security checker to be the quickest to catch vulns:

  • IniScan

    A php.ini scanner for best security practices

  • Sentinel

    A framework agnostic authentication & authorization system. (by cartalyst)

    Project mention: Weekly help thread | | 2022-03-14

    Github: Documentation:

  • wp2static

    WordPress static site generator for security, performance and cost benefits

    Project mention: What am I missing? GrapesJS + Cloudflare = Static website for the cost of a domain? Seems too good to be true. | | 2022-11-12

    Also, for a bit more complex although richer in features workflow, you might try Wordpress with the Block Editor (or any page builder like Elementor) and the [WP2Static]( plugin, which allows you to turn a Wordpress site into a static one!

  • Optimus

    🤖 Id obfuscation based on Knuth's multiplicative hashing method for PHP.

  • Halite

    High-level cryptography interface powered by libsodium

    Project mention: Sodium encryption and digital signing made simple | | 2022-04-05

    Sounds like What does this do better?

  • PHP-Auth

    Authentication for PHP. Simple, lightweight and secure.

    Project mention: Need Help With Login Code | | 2023-01-10

    After several projects where I crafted slightly login systems for each.. and then realised that I needed to maintain them in future. I've started using delight-im/PHP-Auth it's pretty sweet with good documentation.

  • mutillidae

    OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.

    Project mention: Web App Pentesting Course | | 2022-02-24
  • Latte

    ☕ Latte: the safest & truly intuitive templates for PHP. Engine for those who want the most secure PHP sites.

    Project mention: Recommended using template engine in non framework projects? | | 2023-01-14
  • SonarLint

    Clean code begins in your IDE with SonarLint. Up your coding game and discover issues early. SonarLint is a free plugin that helps you find & fix bugs and security issues from the moment you start writing code. Install from your favorite IDE marketplace today.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2023-01-27.

PHP Security related posts


What are some of the best open-source Security projects in PHP? This list will help you:

Project Stars
1 Matomo 17,249
2 labs 11,097
3 random_compat 8,047
4 DVWA 7,104
5 awesome-appsec 5,418
6 PHPSecLib 4,954
7 PrivateBin 4,671
8 MISP 4,184
9 pfSense 4,011
10 PHP Encryption 3,569
11 Passbolt 3,492
12 bouncer 3,189
13 HTML Purifier 2,680
14 PHPGGC 2,523
15 SensioLabs Security Check 1,907
16 IniScan 1,468
17 Sentinel 1,426
18 wp2static 1,268
19 Optimus 1,219
20 Halite 1,070
21 PHP-Auth 943
22 mutillidae 935
23 Latte 910
Clean code begins in your IDE with SonarLint
Up your coding game and discover issues early. SonarLint is a free plugin that helps you find & fix bugs and security issues from the moment you start writing code. Install from your favorite IDE marketplace today.