Securing a PHP Application
Security is a process. Perfect security is not possible, but attackers do have budgets.
PHP 7 does three important things that significantly improve the security of software
1)PHP 7 dropped support for the old mysql * functions
2)PHP 7 allows you to add scalar type declarations to your code.
3)PHP 7 ships with a secure random number generator
A website that uses HTTPS properly almost never has to worry about session hijacking attacks PHP: random_bytes - Manual