Æther PHP The divine lightweight PHP framework engineered for fast, secure backends
Built from scratch for speed and security.
No Composer. No bloat. No magic.
Pure PHP backends you can ship fast.
Fast.
Secure.
Easy to use.
Aether delivers ultra-fast, secure backends without the usual framework bloat. Built for freelancers and indie developers who need to ship quality backends quickly - without compromising on security or performance.
Ultra-fast performance
2ms cold boot, 1ms warm. Under 1MB of source. Zero runtime dependencies. Deploy anywhere, run instantly - no build steps, no vendor lock-in.
Security-first design
HMAC-signed sessions, Argon2ID password hashing, CSRF protection, rate limiting, CSP headers, and prepared statements only. Security isn't optional - it's built in.
Easy to use and deploy
Clone, configure, deploy. No package manager required. No hidden complexity. Build full backends quickly with clean, readable code that you actually understand.
Clean code. Fast results.
Build SaaS platforms, REST APIs, e-commerce sites, blogs, and specialized services with minimal boilerplate.
class AppController extends Controller {
/**
* [@method] => GET
* [@route] => /
*/
public function home(){
$this->_render("home", [
"welcome" => "Welcome on the page !"
]);
}
}class ApiController extends Controller {
/**
* [@method] => GET
* [@route] => /api/endpoint
*/
public function api(){
Aether()->_http()->_response()->_json([
"message" => "api fetched"
], 200)->_send();
}
}class UserController extends Controller {
/**
* [@method] => GET
* [@route] => /api/users
*/
public function fetchUsers(){
if (!Aether()->_session()->_isLoggedIn())
return Aether()->_http()->_response()->_json(["You need to be logged in.", 401])->_send();
$usersList = Aether()->_db()->_mysql("mydatabase")
->_table("users")
->_select('*')
->_send();
return Aether()->_http()->_response()->_json([$usersList, 200])->_send();
}
}Security
built in,
not bolted on.
Aether is security-oriented by design. Every authentication flow, every session, every database query is protected from the ground up - so you can focus on building features, not patching vulnerabilities.
HMAC-Signed Sessions
Session payloads are integrity-protected using HMAC signatures. Tampered sessions are rejected before they reach your code - automatic protection with zero configuration.
Argon2ID Password Hashing
Modern, secure password hashing out of the box. No weak defaults, no deprecated algorithms - just industry-standard protection that works immediately.
Security Middlewares
Rate limiting, CSP headers, secure PHP.ini parameters, and CSRF token checking. All opt-in, all composable, all production-ready from day one.
Permission Layer
Built-in role system with default user and admin permissions. Extend it for your needs or use it as-is - authorization is explicit, typed, and auditable.
if (UserInstance::_isLoggedIn()
&& SessionInstance::_getUser()->_isAdmin()) {
// Access granted — no guessing, no magic
echo "Admin access granted.";
}Everything you need
to ship fast.
Annotation-Driven Router
Define routes directly in controller docblocks. No config files, no separate routing layer - routes live with the code they serve.
Security Middlewares
Rate limiting, CSRF protection, CSP headers - all ready to use. Composable, testable, and designed to keep your app secure from day one.
Secure Session Management
HMAC-signed sessions with centralized access. No scattered $_SESSION calls - just clean, secure session handling throughout your app.
Built-in Auth Layer
Argon2ID password hashing, permission-based roles, and ready-to-use login/register/logout flows. Secure authentication without the setup headache.
Zero Runtime Dependencies
No Composer packages at runtime. No vendor folder bloat. Pure PHP that deploys in seconds - perfect for shared hosting or containerized environments.
Modern PHP 8.3
Leverages enums, typed properties, readonly classes, and named arguments. Not retrofitted - built from the ground up for modern PHP.
Database Wrapper
Query builder with prepared statements only. SQL injection protection is automatic - clean syntax, secure by design, no raw queries.
CLI Power Tools
Generate controllers, run scripts, bootstrap projects with php bin/aether. Fast scaffolding with zero configuration ceremony.
Built for developers who need
to ship quality backends fast.
Aether is designed for freelance developers delivering client projects and indie developers working on SaaS, REST APIs, e-commerce platforms, blogs, community apps, and specialized services.
No enterprise complexity. No framework magic. Just clean PHP you can understand, audit, and deploy in minutes - perfect for projects where speed, security, and simplicity matter most.
Shipping in minutes.
Clone, configure, deploy. No package manager. No build step. No ceremony. Start building secure, high-performance backends right now.
View on GitHubClone the repository
$ git clone https://github.com/Aether-PHP/Aether-PHP
$ cd Aether-PHPConfigure your environment
$ cp .env.example .env
# Edit .env with your DB credentials and app settingsGenerate your first controller
$ php bin/aether make:controller HomeControllerPoint your server to the root
Configure Apache or Nginx to rewrite URLs to index.php. You're live - secure, fast, and ready to build.