Forem: Francesco Larossa

Configuring PHP securely in 2025 — common pitfalls and best practices

Francesco Larossa — Fri, 15 Aug 2025 20:30:13 +0000

When we talk about PHP security, most people think about sanitizing input or preventing SQL injection — but many vulnerabilities actually come from a misconfigured PHP environment.

If your PHP installation is left at its defaults, you might be exposing more than you think. Here are some key settings to review:

Disable display_errors in production Error messages can reveal sensitive information about your file paths, server setup, and even database structure. Always set:

display_errors = Off
log_errors = On

Turn off dangerous functions you don’t need Functions like exec, system, shell_exec are powerful but dangerous if abused. Disable them in your php.ini with:

disable_functions = exec,passthru,shell_exec,system,proc_open,popen

Use open_basedir restrictions Limit PHP’s file access to only the directories your application actually needs:

open_basedir = /var/www/html

Keep PHP updated Old versions are often the easiest attack surface. Even if your code is secure, an outdated PHP version can be an open door.

If you want a practical, modern guide to PHP in 2025 — including configuration tips and secure coding practices — I recently published one here:
Link

Why Learning PHP in 2025 Still Makes Sense (Yes, Really)

Francesco Larossa — Wed, 09 Jul 2025 14:22:30 +0000

Every year, developers debate whether PHP is still relevant. Yet somehow, PHP continues to power over 75% of the web, from massive platforms to solo developer projects.

If you're wondering whether PHP is still worth learning in 2025, here's the short answer: yes — and here's why.

Some of the biggest names on the web — WordPress, Facebook (originally), Wikipedia, Slack’s backend services, and thousands of custom platforms — rely on PHP.

That’s not by accident. PHP is:
Fast to deploy
Incredibly flexible
Well-supported by hosts and tools
In short: it works, and it scales.

If you're new to backend development, PHP is one of the easiest languages to get started with. You can write your first script in minutes, and actually see something working in the browser.

But don’t be fooled — PHP can also support huge, enterprise-grade applications. Modern frameworks like Laravel and Symfony have brought structure, security, and speed to the language.

🛠️ 3. The Ecosystem is Mature and Powerful
PHP offers:

Seamless database integration (MySQL, PostgreSQL, SQLite, etc.)

Native session and authentication handling

Tons of libraries and packages via Composer

A massive global community

Everything you need to build something real is already there — and well-tested.

🎓 Want to Learn PHP the Right Way?
If you're curious about learning PHP — or coming back to it with a fresh perspective — I’ve created a beginner-friendly course on Gumroad that teaches:

How to set up a clean development environment

Core PHP concepts explained clearly

Real-world use of MySQL, SQL, and PHP together

The foundation you need to build your own web projects

No unnecessary theory — just practical, modern PHP with context and purpose.

👉 Check it out here if you're ready to start building:
Link

What Can You Build with PHP in 2025? More Than You Think

Francesco Larossa — Wed, 25 Jun 2025 07:45:17 +0000

When people hear "PHP," many still think of old-school websites or outdated codebases. But the truth is, PHP in 2025 is modern, powerful, and incredibly flexible — used by millions of developers around the world.

If you’re just starting out and wondering “Is PHP still worth learning?”, here’s a spoiler: yes, absolutely.

Let’s take a look at what you can actually build with PHP today.

E-commerce Platforms
PHP is behind the scenes of many popular online stores — thanks to platforms like WooCommerce, Magento, and PrestaShop. If you’re looking to build your own store or customize an existing one, PHP gives you full control and scalability.
Content Management Systems (CMS)
WordPress, the most widely used CMS in the world, is built entirely in PHP. So are Joomla and Drupal. That means if you know PHP, you can build your own plugins, customize themes, or even create your own CMS from scratch.
Custom Web Applications
From dashboards to booking systems to internal tools, PHP (especially with frameworks like Laravel or Symfony) lets you build highly interactive and scalable web apps quickly. Modern PHP is clean, testable, and robust — far from the "spaghetti code" days.
REST APIs and Backends
PHP is excellent for building RESTful APIs that connect your frontend (like React or Vue) to your backend logic and database. Tools like Laravel Sanctum or Slim Framework make it easy to create secure, high-performance APIs.
Community Platforms & Forums
Need to build a custom community or user-driven platform? With PHP, you can create messaging systems, user profiles, upvoting features, and more. Stack Overflow was originally built using PHP!

Bonus: Automation Scripts & Cron Jobs
PHP isn’t limited to the browser — you can run it from the command line to create scheduled tasks, batch processes, or even lightweight backend scripts.

Final Thoughts
PHP in 2025 is far from dead — it's more capable than ever. Whether you're looking to build dynamic websites, powerful APIs, or entire web platforms, PHP has the tools and ecosystem to make it happen.

If you're new to PHP and want to build real projects from day one, I’ve created a beginner-friendly course on Gumroad that covers everything from setup to SQL integration, with hands-on examples and modern best practices.

Check it out here if you're ready to start building:

3 Common Mistakes Beginners Make When Learning PHP (and How to Avoid Them)

Francesco Larossa — Tue, 10 Jun 2025 07:42:33 +0000

When you're starting with PHP, it's easy to fall into some common traps that can slow down your learning or lead to bad habits. I’ve been working with PHP for nearly a decade, and I’ve mentored many beginners — I’ve seen the same issues come up again and again.

Let’s go through three common mistakes you should watch out for, and how to avoid them from day one.

1. Skipping the Basics Too Fast
Many beginners jump straight into building projects without really understanding what’s going on under the hood. Variables, data types, arrays, and control structures might seem “boring,” but they’re absolutely essential.
What to do instead
Spend time writing small snippets of code that focus on each basic concept. Understand why things work, not just how. Try modifying simple examples and observing the result.

2. Not Using Error Reporting
By default, PHP may not show all the errors and warnings your code is producing — and that’s dangerous. You might think your code works just fine, but it could be hiding bugs.
What to do instead
At the beginning of every PHP script you write while learning, add:

ini_set('display_errors', 1);
error_reporting(E_ALL);

This will show you exactly what’s wrong — and help you fix it faster.

3. Copy-Pasting Without Understanding
It’s tempting to copy code from Stack Overflow or tutorials and paste it into your project. That can work in the short term, but it doesn’t teach you anything.
What to do instead
When you find code online, rewrite it in your own words. Add comments. Change variable names. Ask yourself: What does each line do? Could I explain it to someone else?

This kind of active learning makes all the difference.

**PHP **is a powerful and beginner-friendly language — but like any language, it takes practice and patience. Avoiding these common mistakes can help you build a strong foundation and progress faster.

If you're serious about learning PHP from the ground up, I’ve put together a beginner-friendly course on Gumroad that walks through everything step-by-step — with no fluff, just clear examples and practical exercises.

Check it out here if you’re interested:
My Course

Thanks for reading, and happy coding!
Francesco

Why I Wrote a PHP Guide in 2025

Francesco Larossa — Wed, 04 Jun 2025 12:54:33 +0000

Hi everyone,

This is my first post here on DEV, and I wanted to take a moment to talk about something that keeps coming up in dev circles: PHP.

Yes, PHP — the language many love to hate, others quietly rely on, and some never really looked into beyond WordPress or legacy projects.

Despite its reputation, PHP is far from dead. It’s still one of the most widely used languages on the web, and in 2025, I believe it’s more relevant than ever.

That’s exactly why I put together a practical PHP guide — not a beginner course that stops at echo statements, but a clear, focused resource for developers who want to understand why PHP still matters and how to use it effectively today.

You can check it out here:
My Course

Thanks for reading — happy coding and see you around DEV!