Skip to content

ymuft/php-security-kit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

5 Commits
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 
security.php
security.php
Β 
Β 

Repository files navigation

πŸ” PHP Security Core

Minimal and practical security middleware for PHP applications.

Designed for developers who want solid protection without relying on heavy frameworks.

πŸš€ Features

  • Secure session configuration (HttpOnly, Secure, SameSite)
  • Protection against session fixation
  • Basic session hijacking detection (IP + User-Agent)
  • CSRF protection (automatic token validation)
  • Basic rate limiting (per IP + endpoint)
  • Role-based access control
  • Security headers (XSS, clickjacking, etc.)
  • Session timeout handling

πŸ“¦ Installation

Just include the middleware in any protected page:

require_once __DIR__ . '/core/security.php';

πŸ§ͺ CSRF Protection Example

<form method="POST">
    <?php echo csrf_token_input(); ?>
    <input type="text" name="data">
    <button type="submit">Send</button>
</form>

βœ” Estrutura de pastas formatada:

## πŸ“ Suggested Structure
/core
    security.php

/logs
    php-error.log

/public
    index.php
    login.php

About

A lightweight PHP security middleware implementing session protection, CSRF defense, rate limiting, and secure headers.

Topics

php security middleware backend csrf web-security backend-service session-security

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages