Skip to content
A PHP security library.
Pull request Compare This branch is 33 commits behind phpsec:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

phpSec - PHP security library

  • phpSec is a open-source PHP security library that takes care of the common security tasks a web developer faces.

Build Status

Official Website and Documentation


  • Data encryption
  • XSS filter
  • Password hashing
  • Secure session handler
  • CSRF protection
  • Yubikey integration
  • Authy integration
  • Random data generator


phpSec is now a PSR-0 compatible library. this means that it can easilly be installed and loaded using Composer. You can also install phpSec manually, or using Git.

Installing using Composer

To install using Composer just add phpSec to your composer.json file in your project directory.

    "require": {

Then all you need to do is to run $ php composer.phar install . phpSec can then be loaded using the Composer autoloader.

require 'vendor/autoload.php';

Installing manually/Git

Download, checkout or peferrably add phpSec as a Git submodule. Then load the lib/phpSec/bootstrap.php file. This is a really simple autoloader that will load phpSec classes when needed.

require_once 'lib/phpSec/bootstrap.php';

If you already have a PSR-0 compatible autoloader for your project there is no need to call the bootstrap.php file. All you have to do is to register the phpSec namespace to the phpSec/lib folder.

If you want to add an autoloader to your project there is one example here. This can be initialized like this:

require_once 'SplClassLoader.php';
$classLoader = new SplClassLoader('phpSec', '/var/www/vendor/phpSec/lib');

For documentation on how to use the various phpSec functionality, take alook at the phpsec/doc repository.

System requirements

  • PHP >= 5.3.7
  • Mcrypt, if you want to encrypt stuff.

Getting help / Contact


phpSec is open-sourced software licensed under the MIT License.

Something went wrong with that request. Please try again.