PHP Security

Open-source PHP projects categorized as Security
Edit details
PHP Laravel WordPress Composer Repositories Authentication
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

Top 23 PHP Security Projects

PHP logo
Security

  1. Matomo

    Empowering People Ethically 🚀 — Matomo is hiring! Join us → https://matomo.org/jobs Matomo is the leading open-source alternative to Google Analytics, giving you complete control and built-in privacy. Easily collect, visualise, and analyse data from websites & apps. Star us on GitHub ⭐️ – Pull Requests welcome!

    Project mention: 25 Trending Self-Hosted Projects on GitHub | dev.to | 2026-04-02

  2. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo

  3. DVWA

    Damn Vulnerable Web Application (DVWA)

    Project mention: Why I built attack-chain correlation on top of Semgrep and Joern | dev.to | 2026-04-07

    docker compose up curl -X POST http://localhost:8080/api/scans \ -H "Content-Type: application/json" \ -d '{"repo_url": "https://github.com/digininja/DVWA"}'

  4. PrivateBin

    A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.

    Project mention: I Audited the Privacy of Popular Free Dev Tools, the Results Are Terrifying | news.ycombinator.com | 2026-03-03

  5. random_compat

    PHP 5.x support for random_bytes() and random_int()

  6. awesome-appsec

    A curated list of resources for learning about application security

  7. MISP

    MISP (core software) - Open Source Threat Intelligence and Sharing Platform

    Project mention: Build Your Own Cybersecurity Toolkit: 5 Field-Tested Tools Every Analyst Should Master | dev.to | 2025-07-11

    🔗 https://www.misp-project.org/

  8. Passbolt

    Passbolt Community Edition (CE) API. The JSON API for the open source password manager for teams!

    Project mention: Bitwarden scrubs 'Always free' and 'Inclusion' values from its site | news.ycombinator.com | 2026-05-15

    Thoughts and reviews about Passbolt? TOTP handling seems a bit off, extensions are not mostly read-only (OK for me). But the "share a single secret" access control seems nice:

    https://www.passbolt.com/pricing/pro

    https://www.passbolt.com/vs/bitwarden/overview

    https://www.passbolt.com/docs/hosting/install/

    PHP backend (IMHO a downside): https://github.com/passbolt/passbolt_api. But There appears to be a significant amount of auditing behind Passbolt's security claims, assuming the information on https://www.passbolt.com/security is accurate.

  9. pfSense

    Main repository for pfSense

  10. PHPSecLib

    PHP Secure Communications Library

  11. PHP Encryption

    Simple Encryption in PHP.

  12. PHPGGC

    PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

  13. bouncer

    Laravel Eloquent roles and abilities.

  14. HTML Purifier

    Standards compliant HTML filter written in PHP

  15. SensioLabs Security Check

    A database of PHP security advisories

    Project mention: A Vulnerability in Libsodium | news.ycombinator.com | 2025-12-30

    This also affected the PHP library, sodium_compat. https://github.com/FriendsOfPHP/security-advisories/pull/756

    I'm planning to spend my evening checking every other Ed25519 implementation I can find to see if this check is missing any where else in the open source ecosystem.

  16. Sentinel

    A framework agnostic authentication & authorization system. (by cartalyst)

  17. mutillidae

    OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.

  18. IniScan

    A php.ini scanner for best security practices

  19. wp2static

    WordPress static site generator for security, performance and cost benefits

  20. tirreno

    Open security analytics. Understand, monitor, and protect your product from cyber threats, account takeovers, bots and abuse.

    Project mention: Fidonet: Technology, Use, Tools, and History | news.ycombinator.com | 2026-06-02

  21. Latte

    ☕ Latte: the safest & truly intuitive templates for PHP. Engine for those who want the most secure PHP sites.

  22. Optimus

    🤖 Id obfuscation based on Knuth's multiplicative hashing method for PHP.

  23. PHP-Auth

    Authentication for PHP. Simple, lightweight and secure.

  24. TwoFactorAuth

    PHP library for Two Factor Authentication (TFA / 2FA) (by RobThree)

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

PHP Security discussion

Log in or Post with

PHP Security related posts

Index

What are some of the best open-source Security projects in PHP? This list will help you:

# Project Stars
1 Matomo 21,592
2 DVWA 13,198
3 PrivateBin 8,376
4 random_compat 8,164
5 awesome-appsec 6,912
6 MISP 6,356
7 Passbolt 5,969
8 pfSense 5,667
9 PHPSecLib 5,573
10 PHP Encryption 3,872
11 PHPGGC 3,826
12 bouncer 3,576
13 HTML Purifier 3,347
14 SensioLabs Security Check 2,126
15 Sentinel 1,524
16 mutillidae 1,489
17 IniScan 1,468
18 wp2static 1,460
19 tirreno 1,403
20 Latte 1,282
21 Optimus 1,276
22 PHP-Auth 1,237
23 TwoFactorAuth 1,179

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com

Did you know that PHP is
the 14th most popular programming language
based on number of references?

Loading...