For many years, PHP has been a stable, inexpensive platform on which to operate web-based applications. Like most web-based platforms, PHP is vulnerable to external attacks. Developers, database architects and system administrators should take precautions before deploying PHP applications to a live server. Most of these techniques can be accomplished with a few lines of code or a slight adjustment to the application settings.
If the developer has installed a set of PHP scripts from a third-party application, the scripts the application uses to install the working components can also provide an access point to unscrupulous users. Most providers of third-party packages recommend removing the directory containing the setup scripts shortly after installation. For developers who wish to retain the setup scripts, they can create an .htaccess file that controls access to the administrative directories.