
Nik Cubrilovic has gone on a little troll and posted 4 tips on ‘Preventing PHP Leakage’. I have some more tips for him and others who think he had something valuable to say..

Make sure you’ve read AND understood the PHP INSTALL doc before you deploy a production server.

… If that’s too hard, I also recommend the following industry practices, which will only help secure your site against this unreliable and clunky language known as PHP. If you use any other language, you can ignore these tips.. since they aren’t PHP.

  1. Use firewalls: Firewalls can help prevent unauthorized access to your web servers. If you use PHP, more than likely your server will just give out the root password under high load.
  2. Enable SSH on a different port: All PHP hackers know that SSH runs on port 22, trick them all by using port 4222.. they’ll never be able to guess it. For more fun, write a script that will change the SSHD listen port randomly by the hour..
  3. TEST: There is one thing that you absolutely need to do with PHP code, and that is called testing. See, PHP code unlike any other code sometimes just doesn’t do what you want.. it does what you told it to do… unless of course you’ve tested it, and trained it. So, if you test and train the PHP (mod_knowwhatimeant), you’re guaranteed to have the code work to your liking.

All of these solutions are well kept secrets by the upper echelon of the PHP community. Rasmus, Andrei, Sara et al, use these techniques all the time, but won’t tell you this stuff unless you pay them in large sums of picture postcards, or beer.

If you feel all the work above is too much, use a different language, anything but PHP will suffice.