Secure PHP

Effortlessly keep your PHP applications secure by selectively permitting and disallowing write-access. With support for WordPress, Drupal, Joomla!, and Magento, keeping your web site secure is as easy as a mouse click.


Security Made Easy

Fortification evolved as a process to isolate web applications from user data by having two separate users, one for your account data and the other for untrusted web data. Fortification protects your site and tags any file created by your PHP application with a separate user.

Step One

Click on Change Fortification.


Step Two

Click Web App Write Mode to temporarily allow write-access by the web server.

Dual-User Model

PHP runs as a separate user to keep your files secure in the event of a breach. Competitors lump all web sites under 1 user account, including your sensitive email and SSH keys. In the event of a breach on any web site, an attacker can infect other web site files or even steal your SSH keys and sensitive emails.

Fortification Mode

Limit write-access to PHP to only acceptable, filtered locations on your web site. Fortify implements this policy whereas Release Fortification allows write-access anywhere on the web site. Web App Write Mode flips between modes with a 10 minute timer – handy for in-place updates.

Fortification only applies to the selected web site, so multiple sites on your account can use different levels of protection.

Learning Mode

For miscellaneous PHP applications, select Learning Mode to establish a behavior profile on your site. Learning Mode sets a checkpoint, then checks again after 1 hour to determine what files have changed and what files or folders are necessary for correct site operation. Write-access to all other files is restricted to maximize security.

Learning Mode may only be applied to applications that do not have fortification profiles. WordPress, Drupal, Joomla, and Magento come with fortification profiles.
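
The checkpoint-and-compare idea behind Learning Mode, as an added example that is not the product's own code: it snapshots a site, snapshots it again after simulated activity, and derives the directories that would need to stay writable. The function names, the use of SHA-256 content hashes, and the sample file tree are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def checkpoint(root):
    """Map each regular file (path relative to root) to a SHA-256 of its contents."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):  # ignore symlinks; only real files are profiled
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                state[rel] = hashlib.sha256(fh.read()).hexdigest()
    return state


def learn_writable(before, after):
    """Return (files created/changed/deleted, directories that need write access)."""
    changed = sorted(p for p in before.keys() | after.keys()
                     if before.get(p) != after.get(p))
    dirs = sorted({os.path.dirname(p) or "." for p in changed})
    return changed, dirs


def put(root, rel, body):
    """Write a constructed sample file, creating parent directories as needed."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(body)


def demo():
    """Constructed sample site: the app rewrites a cache file and stores an upload."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in [("index.php", "<?php"), ("lib/core.php", "<?php"),
                          ("cache/page.html", "v1")]:
            put(root, rel, body)
        before = checkpoint(root)           # checkpoint at the start of the window
        put(root, "cache/page.html", "v2")  # activity during the learning window
        put(root, "uploads/a.png", "img")
        after = checkpoint(root)            # second check at the end of the window
        return learn_writable(before, after)


if __name__ == "__main__":
    print(demo())
```

Everything outside the returned directories saw no writes during the window, so it is a candidate for read-only permissions for the PHP user.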

Malware Scrubbing

Every file upload that passes through the server is scrubbed for known malware against a database of over 3.5 million signatures. Each server routinely stops over 100 viruses per day from entering server space.

URI Filtering

Certain known paths for WordPress, Joomla!, Drupal, and Magento are expected to serve only media. We strictly enforce this policy to ensure that /wp-content/uploads only serves cat gifs, not malicious backdoors.

Audit Trail

Using a separate user from your content allows you to easily see what files were created or altered in the event of a breach. file_audit is a low-level API command that traces a directory and looks for suspicious files.

Get started for free

curl | bash
SHA2: fdbf16d76bffd0ebacf6bf840fc2e508f26a1362415e8d4c9d01d425a69c000d