According to W3C (the World Wide Web Consortium), as of 2015 81.9% of ALL websites on the planet were taking advantage of the PHP programming language – and it’s likely that this number has grown significantly in just the last four years.
PHP is almost effortless to learn, simple and straightforward to develop with, and is about as flexible a programming language as you are going to find today. There’s a reason why the world’s most popular content management systems like WordPress leverage PHP as their backbone, as well as why it’s usually the very first programming language that new coders look to learn before they stretch out in other directions.
At the same time, PHP is filled with all kinds of vulnerabilities that need to be patched and that need to be secured. Doing so manually is one approach for sure, but if your coding isn’t “up to snuff” your server can end up as secure as a three-walled bank vault. Even if you have top-level coding skills under your belt you can still be exposed to serious PHP vulnerabilities should you allow ANY third-party code to be hosted on your web server.
For this reason (and so many more) most choose to move forward with a PHP hardening patch like the Suhosin solution. Designed from the top down to provide dual action protection across your entire server (both as a patch as well as a PHP extension), this is maybe the simplest and most straightforward way to dramatically improve the security of your server and harden your PHP significantly.
Of course, there’s no reason whatsoever that you should just cross your fingers and hope that a new installation of Suhosin on your server is going to handle the heavy lifting of your security for you.
You’re going to want to troubleshoot and double check that your server and your PHP install is as hardened as advertised.
Let’s dive right in.
Check Server Access
Right out of the gate, you’ll want to make sure that you have properly managed server access after the installation of the Suhosin patch to harden your PHP.
Physical server security is a big piece of the puzzle, but most people are going to be using a third-party service to handle their server needs. This is why you’ll only ever want to move forward with reliable and reputable hosting companies that you can trust, companies that have a reputation for protecting the personal and private data that they are hosting on the servers they maintain.
Double Check Your Infrastructure
Suhosin is going to make a number of changes to your underlying PHP infrastructure, and that’s why you’ll need to be sure that you have troubleshot and double-checked these changes to make sure that your safety and security is being upheld.
You’ll want to check things like:
• That your SSL/TLS configurations are being handled properly, that they aren’t using weak ciphers or outdated protocol versions, and that the security certificates are regularly scanned to spot any issues (such as upcoming expiry) in advance
• That remote connections are always being handled through TLS or public-key authentication, guaranteeing that the only access being granted to your server is 100% authenticated and that both the requests and responses are encrypted on both ends
• That sensitive data is NEVER being stored at any point in time in your php.ini or other configuration files
• That sensitive data and information is NEVER being transmitted in HTTP headers
• That your logging system is working the way it is supposed to, particularly the new Suhosin logging
… And that just begins to scratch the surface of the infrastructure elements you’ll want to make sure are properly aligned after you have applied the PHP hardening patch to your server.
Smart Protection Practices are Critical
Of course, you also want to be doing everything outside of your PHP patch to further harden and secure your server, your content, and the traffic and data that moves across and through your platform.
A Content Security Policy (CSP) helps to maintain strict security protocols throughout the entirety of your web platform regardless of who is granted access to make changes, modifications, or upgrades to your system.
Regardless of whether you are running a single-page website or the largest and most sophisticated web application ever dreamed up, a CSP is a huge piece of the puzzle in making sure that your platform is completely protected from top to bottom.
On top of hardening your PHP with a security patch like Suhosin you’ll also want to consider taking advantage of security header tools that can further lock down your platform. There are a variety of different applications that can be chosen to help implement this kind of security feature, including those that help lock down PHP header functionality, and you’ll want to leverage them as soon as you can.
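The infrastructure checklist above and the CSP/security-header advice both come down to inspecting configuration and response headers after the patch is in place. The following audit helper is an added example (not code from the article or from the Suhosin project): it parses a php.ini fragment and a set of response headers and reports what a post-hardening review should flag. The directive names are real php.ini/Suhosin settings; the baseline they are compared against, and the sample php.ini fragments and header sets, are constructed for this example.

```python
import re

# Directive names are real php.ini / Suhosin settings; the hardened baseline they are
# checked against is this example's assumption, not a Suhosin default.
CREDENTIAL_KEYS = ("mysql.default_password", "mysql.default_user", "mysqli.default_pw", "mysqli.default_user")

def parse_php_ini(text):
    """Minimal php.ini reader: drops ';' comments and [sections], returns {key: value}."""
    settings = {}
    for line in text.splitlines():
        line = re.split(r"(?:^|\s);", line, maxsplit=1)[0].strip()  # keeps ';' inside values
        if line and not line.startswith("[") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def is_off(value):
    return value.strip().lower() in ("", "0", "off", "false", "no", "none")

def audit_php_ini(text):
    """Checklist items 3 and 5 plus the two settings that leak data into the client response."""
    ini, findings = parse_php_ini(text), []
    if not is_off(ini.get("suhosin.simulation", "0")):
        findings.append("suhosin.simulation is On: violations are logged but not blocked")
    # Assumed: when suhosin.log.syslog is unset, Suhosin's default syslog target stays active.
    if is_off(ini.get("suhosin.log.syslog", "1")) and is_off(ini.get("suhosin.log.file", "")):
        findings.append("Suhosin logging disabled: log.syslog is 0 and no log.file is set")
    findings += [f"{k} stores a credential in php.ini" for k in CREDENTIAL_KEYS if ini.get(k)]
    if not is_off(ini.get("expose_php", "On")):
        findings.append("expose_php is On: PHP version leaks via the X-Powered-By header")
    if not is_off(ini.get("display_errors", "On")):
        findings.append("display_errors is On: error text and file paths reach the client")
    return findings

def audit_response_headers(headers):
    """Checklist item 4 and the CSP section: inspect headers as sent to a client."""
    h, findings = {k.lower(): v for k, v in headers.items()}, []
    if "content-security-policy" not in h:
        findings.append("no Content-Security-Policy header")
    if "strict-transport-security" not in h:
        findings.append("no Strict-Transport-Security header: TLS is not enforced")
    if "x-powered-by" in h:
        findings.append(f"X-Powered-By discloses the platform: {h['x-powered-by']}")
    if re.search(r"/\d", h.get("server", "")):
        findings.append(f"Server header discloses a version: {h['server']}")
    return findings

# Constructed samples: a weak php.ini fragment and response beside hardened ones.
WEAK_INI = "[PHP]\nexpose_php = On\ndisplay_errors = On\nsuhosin.simulation = On\n" \
           "suhosin.log.syslog = 0\nmysqli.default_pw = \"hunter2\"  ; credential in config\n"
HARDENED_INI = "expose_php = Off\ndisplay_errors = Off\nsuhosin.simulation = Off\n" \
               "suhosin.log.file = /var/log/suhosin.log\nmysqli.default_pw =\n"
WEAK_HEADERS = {"Server": "Apache/2.4.29", "X-Powered-By": "PHP/7.2", "Content-Type": "text/html"}
HARDENED_HEADERS = {"Server": "Apache", "Content-Type": "text/html", "Content-Security-Policy":
                    "default-src 'self'", "Strict-Transport-Security": "max-age=31536000"}
```

On a real host, pass the contents of the loaded php.ini (the path shown by `php --ini`) to `audit_php_ini` and the headers of a captured response to `audit_response_headers`; an empty list means nothing was flagged.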
Regular monitoring of your server environment and application/web platform security audits should be a common occurrence. Staying vigilant against PHP attacks is a critical piece of the puzzle in getting out ahead of these issues before they become major emergencies.
You may not be able to protect against any and every PHP attack ever waged against your platform or your server, but regular monitoring of your environment as well as security audits can help you spot vulnerabilities before they are exploited.
At the end of the day, the right PHP hardening patch is going to go a long way towards locking down and securing your online platform.
Be sure to troubleshoot that patch as necessary, to regularly inspect and audit your security, and to roll out new security improvements as they become available, and you’ll have a lot less to worry about than server administrators who take a “set it and forget it” approach to overall security.
Solutions like Suhosin go a long way towards helping you protect all the data that lives on your server as well as the data that moves across your server, keeping personal and private information exactly that – personal and private.