nixCraft has an article on 25 best security practices for PHP on Linux.
Some of the points are:
- Find Built-in PHP Modules
- Restrict PHP Information Leakage
- Turn Off Remote Code Execution
- Resource Control (DoS Control)
- Disabling Dangerous PHP Functions
- Limit PHP Access To File System
Read the full article here:
http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html