Contrary to popular belief, PHP is still a viable language for building web applications. PHP is just another tool that you need to learn to use properly. Let's discuss a few items specific to PHP that will make your site safer.
Limit Your Web Root to an index.php and Asset Files
Encrypt All Communication
In your PHP app, you will often have to communicate with other services or storage mechanisms. It is important that you always use encrypted connections to the services. When using curl or soap, always use https URLs to APIs to verify the data in transit is encrypted. In addition, if you are using FTP, make sure you use some form of secure FTP, either FTPS or SFTP. If you don't use any kind of secure transmission, then you might leak user data over the network activity. Using TLS also verifies the URL is what it claims to be which protects you from sending data to a bad actor.
Use a Template Framework