PHP has had many reputations over the years, but being insecure as a language never really was one of them. The core team, all its faults notwithstanding, is rather quick in pouncing on all security matters, and updating PHP to the latest version will often allay all worries. But the end users, such as we are, tend to mess things up. We don’t update, we use outdated packages or packages with holes
![PHP Tips, Resources and Best Practices for 2015 — SitePoint](https://cdn-ak-scissors.b.st-hatena.com/image/square/b0f47d7caa8f888e33fa72543419bc50a44ddfae/height=288;version=1;width=512/https%3A%2F%2Fwww.sitepoint.com%2Fwp-content%2Fthemes%2Fsitepoint%2Fassets%2Fimages%2Ficon.php.png)