Inheriting a legacy app can be an adventure. Sometimes it can be much more than that. Trying to securely lock down a legacy app can be a much larger prospect. Here is a “quick” first pass recommendation.
Here is the slide deck for my talk on Basic Intrusion Detection With PHPIDS. If you attended, please provide feedback at Joind.in