10 packages to secure your laravel application

Here is the list of 10 packages from which you can secure your laravel application with ease. all you have to do is just browse to your folder via command panel an and install these packages using composer

1 – laravel-security

This packages integrates Symfony Security Core in Laravel, mainly to use the Voters to check acces to roles/objects.


Add this package to your composer.json and run composer update

"barryvdh/laravel-security": "0.2.x@dev"

After updating, add the ServiceProvider to ServiceProvider array in config/app.php


You can optionally add the Facade as well, to provide faster access to the Security component.

'Security' => 'Barryvdh\Security\Facade',



2 – authority-controller

AuthorityController is an PHP authorization library for Laravel 5.0 & 5.1 which restricts what resources a given user is allowed to access.

All permissions are defined in a single location:


and not duplicated across controllers, routes, views, and database queries.



3 – security

Laravel Security was created by, and is maintained by Graham Campbell, and is a port of the security class from CodeIgniter 3 for Laravel 5. This package is best used wrapped in my Laravel Binput package.


PHP 5.5+ or HHVM 3.6+, and Composer are required.

To get the latest version of Laravel Security, simply add the following line to the require block of your composer.json file:

"graham-campbell/security": "~3.2"

You’ll then need to run composer install or composer update to download it and have the autoloader updated.

Once Laravel Security is installed, you need to register the service provider. Open up config/app.php and add the following to the providers key.

  • 'GrahamCampbell\Security\SecurityServiceProvider'

You can register the Security facade in the aliases key of your config/app.php file if you like.

  • 'Security' => 'GrahamCampbell\Security\Facades\Security'


Laravel Security supports optional configuration.

To get started, you’ll need to publish all vendor assets:

$ php artisan vendor:publish

This will create a config/security.php file in your app that you can modify to set your configuration. Also, make sure you check for changes to the original config file in this package between releases.

There is one config option:

Evil attributes

This option ('evil') defines the evil attributes and they will be always be removed from the input



4 – HTMLPurifier for Laravel 5

A simple Laravel 5 service provider for including the HTMLPurifier for Laravel 5.

for Laravel 4 HTMLPurifier for Laravel 4

This package can be installed via Composer by requiring the mews/purifier package in your project’s composer.json:

    "require": {
        "laravel/framework": "~5.0",
        "mews/purifier": "~2.0",


Require this package with composer:

composer require mews/purifier

Update your packages with composer update or install with composer install



5 -binput

Binput Is An Input Protector For Laravel 5



6 – visualcaptcha-laravel

Laravel library for visualCaptcha. VisualCaptcha is created by EmotionLoop



7 – power

Full Administrative Package for laravel



8 -Laravel-ACL

Light-weight role-based permissions for Laravel 5 built in Auth system.



9- sysguard

Extend Laravel 5.0 Authentication to add more functionality.


First, pull in the package through Composer.

"require": {
    "ifaniqbal/sysguard": "dev-master"

Install with composer:

composer install

Include the service provider within config/app.php.

'providers' => [

Add a facade alias to this same file at the bottom:

'aliases' => [
    'Sysguard' => 'Ifaniqbal\Sysguard\SysguardFacade'

Add this middleware within script app/Http/Kernel.php:

protected $routeMiddleware = [
    'authorize' => 'Ifaniqbal\Sysguard\AuthorizeMiddleware'

Copy migration file to migration directory:

php artisan vendor:publish --force

Run artisan migrate to create the required tables on database:

php artisan migrate

You may need to run php artisan fresh so that the migration doesn’t conflict with Laravel user table migration.

Now, you’re ready to add this route in app/Http/routes.php:

Route::get ('/sysguard', ['uses' => '\Ifaniqbal\Sysguard\SysguardController@index', 'as' => 'sysguard.index']);

Route::resource('user', '\Ifaniqbal\Sysguard\UserController', ['except' => ['destroy']]);
Route::get ('/user/{user}/destroy', ['uses' => '\Ifaniqbal\Sysguard\UserController@destroy', 'as' => 'user.destroy']);

Route::resource('group', '\Ifaniqbal\Sysguard\GroupController', ['except' => ['destroy']]);
Route::get ('/group/{group}/destroy', ['uses' => '\Ifaniqbal\Sysguard\GroupController@destroy', 'as' => 'group.destroy']);

Route::resource('menu', '\Ifaniqbal\Sysguard\MenuController', ['except' => ['destroy']]);
Route::get ('/menu/{menu}/destroy', ['uses' => '\Ifaniqbal\Sysguard\MenuController@destroy', 'as' => 'menu.destroy']);

Route::resource('permission', '\Ifaniqbal\Sysguard\PermissionController', ['except' => ['destroy']]);
Route::get ('/permission/{permission}/destroy', ['uses' => '\Ifaniqbal\Sysguard\PermissionController@destroy', 'as' => 'permission.destroy']);

This package use watson/boostrap-form. So, you need to add these service providers:


Then, add these aliases:

'Form'      => 'Collective\Html\FormFacade',
'HTML'      => 'Collective\Html\HtmlFacade',
'BootstrapForm' => 'Watson\BootstrapForm\Facades\BootstrapForm',


To check authorization for current user in current route:


To get sidebar menu for current user:


To get all menu for current user:


To get all permission for current user:




10 – lock-laravel

A Laravel Driver for Lock.

This package is a Laravel 5 driver for Lock. Check the documentation of Lock for more info. It requires PHP 5.5.9+.


Deven Rathore

Deven is an Entrepreneur, and Full-stack developer, Constantly learning and experiencing new things. He currently runs CodeSource.io and Dunebook.com.

Published by
Deven Rathore

Recent Posts

How to Create a Custom Online Learning Platform

In the last few years, e-learning has become really popular. Coursera has recently surveyed and…

4 weeks ago

6 Tips for Designing Your Unique Blog

If done correctly, a blog can be hugely successful; it can create a large following,…

2 months ago

How to Record and Transcribe a Google Hangouts Meet Video

As we all know, the current COVID-19 situation has brought the entire world to a…

2 months ago

5 Signs You Need To Hire A Website Designer

As the digital face of your business, how your website is perceived to the outside…

2 months ago

21 Chrome Extensions for Web Development

Since its introduction in 2008, Google Chrome has become the most used and the most…

2 months ago

15 cool React Admin Templates

As a react developer, building your Admin Template from scratch can be quite stressful and…

2 months ago