I'll share 100 Laravel tips on performance, security and reliability over the next 100 days!

Simply follow this thread to get them daily.

Laravel Tip #01: Consider adding route caching to your deployment script to speed up your route registration by up to 5x!

Laravel Tip #02:

Did you know that if you have your MySQL database running on your web server, you can improve performance by up to 50% by using Unix sockets instead of TCP ports?

The folks over at @Percona published a benchmark on this.

Link: https://www.percona.com/blog/2020/04/13/need-to-connect-to-a-local-mysql-server-use-unix-domain-socket/

Laravel Tip #03:

Whenever your app allows the user to define a filename to be uploaded, make sure you strip out the directory from the input to protect against unrestricted file upload attacks.

Learn more: https://www.laravel-enlightn.com/docs/security/unrestricted-file-upload-analyzer.html

Laravel Tip #04:

If you're using Redis in your Laravel app, make sure to choose an eviction policy that matches your use case.

Learn more: https://www.laravel-enlightn.com/docs/reliability/redis-eviction-policy-analyzer.html

Laravel Tip #05:

For scalability, it's a good practice to make your tasks (jobs, scheduled commands or service classes) idempotent.

Idempotent tasks can be called multiple times without changing the side effects.

Here's @stauffermatt's talk on this: https://www.youtube.com/watch?t=1823&v=enTb2E4vEos

Laravel Tip #06:

If you use resource controllers, make sure to either implement all methods or restrict route registrations with the only method.

Otherwise, there would be dead routes in your app that throw 500 BadMethodCallExceptions rather than serving proper 404s.

Laravel Tip #07:

For a nice performance boost, it's often a good practice to implement page caching for static pages.

@laravelphp's own website uses this for caching documentation pages.

Github Link: https://github.com/laravel/laravel.com-next/blob/818461956bf9b84b4c388223e8db1b3162a58da6/app/Documentation.php#L56-L74

Laravel Tip #08:

It's a good practice to take a daily backup of your application database and files.

Luckily, for Laravel, the good folks over at @spatie_be built an awesome OSS package for that!

Github Link: https://github.com/spatie/laravel-backup

Laravel Tip #09:

It feels like data breaches are showing up every week in the news. You should think about how you're storing sensitive data, especially PII.

Consider using Laravel Eloquent's encrypted attribute casting contributed by @gonedark.

PR: https://github.com/laravel/framework/pull/34937

Laravel Tip #10:

If your application allows users to download large datasets computed on the fly, consider using streamed downloads and lazy collections for better performance and reduced memory usage.

Laravel Tip #11:

To minimize the risk of remote code execution (RCE) and cross-site scripting (XSS), it is a good practice to disable the "allow_url_fopen" and "allow_url_include" php configuration settings in your php.ini file.

Learn more: https://www.laravel-enlightn.com/docs/security/php-ini-analyzer.html

Laravel Tip #12:

For protection against brute force attacks, it is recommended to use a combination of login throttling (supported by Laravel out-of-the-box) and a captcha library such as @reCAPTCHA.

Laravel Tip #13:

If you have free RAM wasting away on your web server, one simple yet powerful technique to increase performance is to increase your PHP FPM max child processes.

Laravel Tip #14:

When you work with a large number of query results, it is a good practice to use chunking for reduced memory usage.

A great example is @laravelphp Scout internally uses chunking while importing DB records into search indexes.