Bringing Security to the Laravel Community. The Artisan of the Day Is Stephen Rees-Carter.
Stephen Rees-Carter’s journey with PHP started more than 20 years ago, back when he was a student learning BASIC and VB in school. He loved it so much that he wanted to build websites, and the only option at the time was convincing his parents to sign up for a shared hosting account that supported PHP.
He never left PHP. “I’ve never wanted to learn a different language,” he says.
His first professional role introduced him to Zend Framework 1, which he enjoyed until the early versions of Zend Framework 2. “Everything was manually wired up components with no magic or fun. I hated it.”
In 2013, at a tech conference, a friend suggested he try Laravel. He dove in immediately. “I’m pretty sure I spent most of the conference learning about Laravel v3 and the upcoming v4, rather than paying attention to the talks!” Since then, Laravel has been his primary home.
Shifting to Security
While working across companies, Stephen took a detour into WordPress security. That experience sent him down a new path: penetration testing. He now focuses on security within the Laravel ecosystem, hacking into apps to find vulnerabilities and teaching developers how to prevent them.
Somewhere along the way, he began speaking at conferences. “My first was 10 years ago, and now I think I’ve done 27!” Today, he combines those passions (security, Laravel, and education) into his primary work.
Securing Laravel
The project Stephen is most proud of is Securing Laravel, his weekly mailing list and monthly long-form article series.
“I started it around four years ago, and have written over 160 security-focused articles for Laravel developers. We’ve just explored setting up Two-Factor Authentication, and up next is a very long-awaited article about Passkeys. Wish me luck!”
Through Securing Laravel, he’s created one of the most consistent and practical resources for developers who want to build safer apps.
He’s also working on a “super top secret project” that he can’t talk about just yet.
Tools of the Trade
Stephen’s toolkit blends development and penetration testing essentials:
- ThinkPad X1 Carbon (his go-to machine)
- Windows 11 with WSL2 and Ubuntu 24.04 LTS (with a custom PHP and Nginx stack)
- PhpStorm: “The GOAT”
- Windows Terminal (“Quake mode FTW!”)
- Burp Suite Professional: “Totally worth it!”
- Notion for business management
- Google Chrome for daily use
His philosophy is straightforward: learn your tools in depth. “Figure out how to use your tools properly, what the keyboard shortcuts are, what options are available, and how you can get the best out of them.”
And the same applies to Laravel: dive into the source code. “Figure out how Laravel works internally, what its quirks are, and how components fit together. This will influence your apps, and allow you to optimise your code to make the framework sing.”
Advice for the Community
For anyone looking to build a presence in the Laravel Community, Stephen recommends carving out a niche and sharing your perspective. “Even if it feels like a niche others have covered, I guarantee you’ll have your own unique take on it once you find your voice.”
As for the community at large, he stresses one message: learn to write secure code. “Please keep your apps secure!”