PHP Security

Open-source PHP projects categorized as Security | Edit details

Top 23 PHP Security Projects

  • Matomo

    Liberating Web Analytics. Star us on Github? +1. Matomo is the leading open alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. We love Pull Requests!

    Project mention: Selling Free Software | | 2022-01-23
  • labs

    This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.

    Project mention: How to “dockerize” existing web apps (“php + mySQL” app, and “node.js + express + mongodb” app) | | 2021-03-11

    You can find some intro and tutorials to catch up on docker

  • Cloudways

    Managed Cloud Hosting Platform. Deploy PHP applications on Cloudways web hosting platform to get high uptime and optimized performance. Use the BFCM promo "BFCM2021" to get 40% FLAT discount for FOUR months straight.

  • random_compat

    PHP 5.x support for random_bytes() and random_int()

  • DVWA

    Damn Vulnerable Web Application (DVWA)

    Project mention: Help needed with ab assignment | | 2022-01-19

    Yes, the top 10 is a good place to start and pick a category from. For practice and demonstration you can use or

  • awesome-appsec

    A curated list of resources for learning about application security

    Project mention: Anyone in AppSec (Application Security)? | | 2021-12-07

    Come over to /r/devsecops to get more information about the field. Also, there are lots of good sources, you can get some from my blog, or Awesome AppSec, or Security Prince and other places.

  • PHPSecLib

    PHP Secure Communications Library

    Project mention: Trying to easily replace the depricated mcrypt_decrypt functionality. | | 2022-01-05

    You can also use phpseclib (PHP Secure Communications Library), which has all kinds of security-related functions, including functions for symmetric encryption. It uses a pure PHP implementation, so you don't need libraries like openssl or libsodium, but they will be used when installed (for speed).

  • PrivateBin

    A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.

    Project mention: PrivateBin: NEW Data - star count:3702.0 | | 2022-01-23
  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

  • MISP

    MISP (core software) - Open Source Threat Intelligence and Sharing Platform

    Project mention: Basic External IP investigating? | | 2021-11-25

    One thing you can do is run the IPs through various (opensource) threat feeds to see if the IPs have been observed by others in the past. AlienVault OTX and MISP are two free options that you could utilize.

  • pfSense

    Main repository for pfSense

    Project mention: [Bi-annual Repost] What's on your Linux server? | | 2022-01-22

    This one in particular yes.. big difference.. i built it for one.. check out

  • PHP Encryption

    Simple Encryption in PHP.

    Project mention: How I Documented, Encrypted, and Tested My First REST API | | 2021-02-17

    I encrypted my data using defuse/php-encryption. This library, claiming to be secure, unlike other libraries, did the encryption and decryption for me. To encrypt and decrypt, I needed my own key, which I generated by running

  • Passbolt

    Passbolt CE Backend, a JSON API written with Cakephp

    Project mention: Simple sharing of keepass keyfile between multiple users? | | 2022-01-20

    Just take a look here:

  • bouncer

    Eloquent roles and abilities.

    Project mention: Implementing RBAC in Laravel Tutorial | | 2021-12-02

    In this tutorial, you'll learn how to implement RBAC in Laravel using Bouncer. Bouncer is a PHP package that lets you add roles and abilities to your Eloquent models.

  • HTML Purifier

    Standards compliant HTML filter written in PHP

    Project mention: How to use Laraberg on the client side and avoid XSS attacks? | | 2022-01-19

    PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

    Project mention: Insecure deserialization | | 2021-10-29

    To achieve RCE you’d need an unserialize “gadget” — PHPGGC might help.

  • SensioLabs Security Check

    A database of PHP security advisories

    Project mention: Is Laravel still simple? | | 2021-10-31
  • IniScan

    A php.ini scanner for best security practices

  • Sentinel

    A framework agnostic authentication & authorization system. (by cartalyst)

  • Optimus

    🤖 Id obfuscation based on Knuth's multiplicative hashing method for PHP.

    Project mention: PostgreSQL UUID vs. Serial vs. Identity | | 2021-05-31

    Yes, I completely forgot about it. I used it a few years ago, I tried also [1] which is integers instead of strings.


  • wp2static

    WordPress static site generator for security, performance and cost benefits

    Project mention: Over 90 WordPress themes, plugins backdoored in supply chain attack | | 2022-01-22
  • Halite

    High-level cryptography interface powered by libsodium

    Project mention: Halite (usable cryptography library for PHP) version 5.0.0 released (Security Improvements within!) | | 2022-01-18
  • PHP-Auth

    Authentication for PHP. Simple, lightweight and secure.

    Project mention: Alternatives for passwordless login like Magiclink? | | 2022-01-05
  • RandomLib

    A library for generating random numbers and strings

  • TwoFactorAuth

    PHP library for Two Factor Authentication (TFA / 2FA) (by RobThree)

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2022-01-23.

PHP Security related posts


What are some of the best open-source Security projects in PHP? This list will help you:

Project Stars
1 Matomo 15,834
2 labs 10,510
3 random_compat 7,955
4 DVWA 5,798
5 awesome-appsec 4,825
6 PHPSecLib 4,646
7 PrivateBin 3,691
8 MISP 3,525
9 pfSense 3,488
10 PHP Encryption 3,421
11 Passbolt 2,793
12 bouncer 2,774
13 HTML Purifier 2,414
14 PHPGGC 2,008
15 SensioLabs Security Check 1,760
16 IniScan 1,455
17 Sentinel 1,380
18 Optimus 1,142
19 wp2static 1,124
20 Halite 1,013
21 PHP-Auth 844
22 RandomLib 821
23 TwoFactorAuth 804
Find remote jobs at our new job board There are 29 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.
OPS - Build and Run Open Source Unikernels
Quickly and easily build and deploy open source unikernels in tens of seconds. Deploy in any language to any cloud.