Securing a PHP Website on CentOS: System Updates, Firewall Configuration, PHP Hardening, HTTPS, and Backup Procedures

CentOS is a widely used Linux distribution known for its stability and security. This article provides a step‑by‑step guide to securing a PHP website on CentOS.

1. Upgrade the system : Ensure the OS is up‑to‑date with all security patches.

sudo yum update

2. Install and start the firewall (Firewalld) to restrict unauthorized access.

sudo yum install firewalld

sudo systemctl start firewalld

sudo systemctl enable firewalld

3. Configure Firewalld rules : Allow only HTTP (port 80) and HTTPS (port 443) traffic.

sudo firewall-cmd --zone=public --add-port=80/tcp --permanent

sudo firewall-cmd --zone=public --add-port=443/tcp --permanent

sudo firewall-cmd --reload

4. Install PHP runtime.

sudo yum install php

5. Harden PHP configuration by editing /etc/php.ini and applying the following settings:

Set display_errors = Off to hide error messages from users.

Enable open_basedir to restrict script access to specific directories.

Adjust upload_max_filesize and post_max_size to reasonable limits.

sudo vi /etc/php.ini

6. Install additional PHP security extensions for encryption, image processing, and string handling.

sudo yum install php-mcrypt

sudo yum install php-gd

sudo yum install php-mbstring

sudo yum install php-bcmath

7. Enable HTTPS to protect sensitive user data.

sudo yum install mod_ssl

sudo systemctl restart httpd

Copy your SSL certificate files into /etc/httpd/conf.d/ssl.conf .

8. Perform regular backups of website files and the MySQL database.

Create a backup directory:

sudo mkdir /backup

Navigate to it:

cd /backup

Sync website files:

sudo rsync -avz --delete /var/www/html/ ./website_backup/

Dump the MySQL database (replace placeholders with actual credentials):

sudo mysqldump -u [db_user] -p[db_password] [db_name] > website_backup.sql

Compress the dump:

sudo gzip website_backup.sql

Store the compressed backup in a secure location.

Conclusion : By applying system updates, configuring Firewalld, hardening PHP, enabling HTTPS, and maintaining regular backups, you can significantly improve the security of a PHP website running on CentOS and protect user data from common threats.