PHP has some great advantages over several other languages in that it's really easy for beginners to set-up a basic website. That upside comes with some downsides too. A lot of basic PHP tutorials fail to cover important aspects of application security.

This post is divided into several sections each covering a different security threat and how to properly defend your site against it.

Sometimes there are unique content requirements that require content editors to insert Twig code in Craft CMS entries. However this raises several security concerns and issues. In this post I'll highlight the solution I developed for my blog.

HTTP/2 offers many advantages over legacy protocols like HTTP/1.1. One of those features is Server Push, a way to push assets to the client before the server supplies the requested HTML document. This allows for faster load-times for critical assets. In this example I will be using the Caddy webserver, however modern Apache 2 and nginx versions also support Sever Push and HTTP/2.