Chapter 8. Shared Hosting

It is impossible to achieve a high level of security in a shared hosting environment. However, with some careful planning, you can avoid common mistakes and protect yourself from the most frequent attacks. While some practices require cooperation from your hosting service provider, there are others that you can employ yourself.

This chapter covers the primary risks associated with shared hosting. Although the same safeguards can be used to protect against many of these attacks, it helps to see each one demonstrated in order to appreciate the scope of the problem.

Because this book focuses on application security rather than infrastructure security, I do not discuss techniques that can be used to strengthen the security of the hosting environment. If you are a hosting service provider and need more information about infrastructure security, I recommend the following resources:


Many examples in this chapter demonstrate attacks rather than safeguards. As such, they have intentional vulnerabilities.

To strengthen your understanding of the topics presented in this chapter, I highly recommend experimenting with the examples.

Exposed Source Code

Your web server must be able to read your source code in order to execute it, and this means that anyone else who can write code that your web server executes can also read your source code. On a shared host, this is a significant ...

Get Essential PHP Security now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.