PHP is often derided as insecure. Most frequently however, weakness is not down to the language itself but poor programming techniques by amateur coders who are unfamiliar with the myriad security practices that should be employed in a defensive programming approach.
The Internet is a hive of nefarious activities by individuals looking to cause mischief or hijack websites for criminal purposes. Attack vectors are constantly evolving and can be so convoluted in their complexity that mere mortals would struggle to understand them.
Wouldn’t it be nice if somebody else stayed on top of things and could take the responsibility of scanning user input off your hands?
Enter PHPIDS — PHP-Intrusion Detection System. This security layer is very fast and simple to use. A set of tested and approved filter rules are applied to detect a potential attack and a numerical severity rating is returned that allows you to react accordingly.
New filters are released every now and again in response to newly discovered attack methods, so keeping PHPIDS up-to-date can involve a bit of manual effort. Again, wouldn’t be nice if someone could keep an eye on this for you as well?