PHP developer: senior backend engineer for Laravel, Symfony, and custom applications

Short answer: Senior PHP developer with 20 years of practice. I work in PHP 8.3/8.4 with Laravel 11/12 and Symfony 7.x. I build REST APIs, integrations, microservices, and custom backend applications. Code is PSR-12, strictly typed, with PHPUnit tests and PHPStan level 8 static analysis. B2B contract, EU jurisdiction, individual quote after a one-hour audit. Remote from Gdynia, working with clients across Poland, Germany, Norway, the UK, and the US.

The WordPress / WooCommerce stack is described separately: WordPress developer and WooCommerce developer. This page covers Laravel, Symfony, and pure PHP backend work outside the WordPress ecosystem.

#What I deliver as a PHP developer

Concrete outputs, not declarations:

• Laravel and Symfony backends from greenfield to legacy refactor. ORM (Eloquent, Doctrine), queues (Redis, RabbitMQ), background jobs (Horizon, Messenger), service layers, repositories, domain events.
• APIs and integrations: REST with OAuth2/JWT auth, federated GraphQL, gRPC for microservices, webhook orchestration, integrations with external systems (ERP, CRM, payment gateways, couriers).
• Microservices and modular architecture: bounded contexts, API contracts, independent deploys, message bus, event sourcing where it actually fits. Monolith-to-microservices migration when the business case is real.
• Performance optimisation: OPcache, JIT, profiling (Xdebug, Blackfire, Tideways), N+1 query reduction, database indexes, Redis cache, static snapshots.
• Security: OWASP Top 10 audit, PDO prepared statements, CSRF tokens, input validation, output escaping, security headers (CSP, HSTS, X-Frame-Options), audit logging, hardened sessions.
• Version migrations: PHP 5.x → 8.3/8.4, Symfony 4 → 7, Laravel 6 → 11/12, modernising global-state code to DI with regression tests.
• Legacy refactor: monolith with globals, procedural code without tests, EOL frameworks. Strangler pattern, gradual module extraction, regression tests on live code.

#Tech stack

#Language and versions

• PHP 8.3 and 8.4 for new projects. PHP 8.1 LTS for maintenance work. PHP 7.4 and earlier only during migration.
• Composer 2.x for dependency management. Lockfile committed, CVE audit in CI.
• PSR-12 as the coding standard. PSR-4 autoloader. PSR-7/15/17/18 for HTTP middleware.

#Frameworks

• Laravel 11/12: business applications with fast iteration, admin panels, queues, scheduler, Inertia.js, Livewire for interactivity without a SPA.
• Symfony 7.x: enterprise integrations, long-lived systems, API Platform, Messenger, modular component architecture.
• Slim, Laminas, custom application on Symfony components: for lightweight APIs and specialised integrations.
• CodeIgniter 4: legacy only, when the client refuses migration.

#Code quality

• Strict typing (declare(strict_types=1)) in every file. Property types, return types, parameter types.
• PHPStan level 8 or Psalm for static analysis. Zero ignored errors in new code.
• PHPUnit or Pest for unit and integration tests. Coverage tied to business risk, not to a metric for its own sake.
• Rector for automated refactoring on PHP and framework upgrades.
• Code review on every pull request, including solo work (review by a senior B2B collaborator).

#Databases

• MySQL 8.x and MariaDB 11.x as the default. Indexes designed for query patterns, not generic.
• PostgreSQL 16+ for projects that need rich typing, JSONB, serializable transactions.
• Redis for cache, queues, sessions, distributed locks.
• Migrations in Laravel Schema or Doctrine Migrations, idempotent, with rollback paths.

#DevOps and deployment

• Git with feature/release/hotfix branches, conventional commits, signed commits.
• GitHub Actions for CI: lint, static analysis, tests, build artefact, deploy to staging.
• Docker locally and in CI. Compose for the multi-service stack (PHP-FPM, Nginx, MySQL, Redis, MailHog).
• Zero-downtime deploys: blue-green or Deployer with atomic symlink swap.
• Monitoring: Sentry for errors, New Relic or Datadog for APM, Grafana for infrastructure metrics.

#How a senior PHP developer differs from mid-level

The difference, from the client’s perspective, is not in the speed of writing code. A senior writes at a similar pace to a mid, sometimes slower, because they review and document along the way. The difference is in:

• Architecture decisions: a senior rejects ideas that work in a demo but explode at 100k users or 1M orders.
• Code review: a senior rejects a PR that ships a feature but leaves a trap for the junior to step on next month.
• Refactoring: a senior rewrites a module without changing its API, so the rest of the system never knows.
• Migrations: a senior knows when PHP 7.4 → 8.3 takes one sprint, and when it takes three because the legacy code uses behaviours removed in 8.0 or 8.1.
• Security: a senior designs the threat model before the first line of authorisation code, not after the first audit.
• Communication: a senior tells the business “this is possible, but it costs 3x more and yields 1.2x value” before work begins.

#Who this service fits

• Companies with existing Laravel or Symfony applications that need refactoring, modernisation, or new modules without a rewrite.
• Greenfield backend projects: Laravel/Symfony APIs, AI-service integrations, admin panels, reporting systems, distributed queues.
• PHP version and framework migrations: PHP 5.6/7.0 → 8.3/8.4, Symfony 4 → 7, Laravel 6 → 11/12, Laminas (Zend) → Symfony.
• Security and performance audits of existing PHP applications, with concrete recommendations and optional remediation.
• In-house teams that need a senior code reviewer, architect, or mentor for mid-level developers.
• Regulated backends: NIS2 for essential and important entities, DORA for finance, GDPR for personal data. Audit logging, access control, retention policies.

#Engagement model

Senior B2B in EU jurisdiction. Contract on VAT invoice, NDA standard, framework agreement with scope and schedule, time-and-materials or fixed-scope depending on brief maturity.

Discovery is usually a one-hour session in which:

1. I listen to the brief and ask technical questions.
2. I check the state of the code (if any), dependencies, infrastructure.
3. I identify risks and unknowns.
4. I quote scope after the session, individually. No “from $X per hour” rates in proposals - that misleads both sides.

Pricing is individual. I do not publish a rate card because:

• A WooCommerce store with 50 products and simple integrations is a different number from a Laravel system with 30 microservices and NIS2 compliance.
• The hourly audit typically shifts the estimate by 20 to 40 percent in either direction.
• A standard rate masks whether the project needs a Redis-queue specialist, a KSeF integration specialist, or a hexagonal-architecture refactor.

#Compliance and jurisdiction

• EU jurisdiction by default. Polish B2B, VAT invoice, governing law Polish or German depending on the client.
• GDPR as a baseline on every project handling personal data.
• NIS2 for backends serving sectors in scope (transport, energy, finance, health, digital infrastructure). Polish KSC transposition since 2026 binds essential and important entities, with personal liability for management failing to implement controls.
• DORA for EU financial entities, with ICT testing and third-party risk management requirements.
• OWASP Top 10 as the minimum on every project with authorisation.

The full NIS2 and DORA picture is in the NIS2 and DORA readiness pillar.

#Frequent client questions

#Do I need existing code to start?

No. Greenfield projects start with architecture (layers, modules, API contracts, data model), a runnable prototype, and the first line of code. The client has a working demo on staging by the end of the first week.

#Do you take subcontractor work from individual developers?

Yes, under specific terms. If a senior PHP consultant in the EU takes on a project beyond their reach (e.g., WooCommerce + KSeF + Polish couriers), I can deliver a slice as a subcontractor. B2B contract, NDA, clear code-and-responsibility boundaries.

#Do you know Laravel Octane, Swoole, RoadRunner?

Yes. I use Octane (with Swoole or RoadRunner) when the application has long-lived resources (e.g., large config tables loaded from the database) and PHP-FPM bootstrap cost dominates. It requires careful architecture because process state persists between requests.

#Do you migrate monolithic applications to microservices?

I migrate when the business actually needs microservices. Most of the time it does not. Most companies that split into 20 microservices end up with the same monolith, just over REST and with 20x more DevOps. Good monolith modularisation (bounded contexts, clear API) is usually cheaper and more resilient.

#How does code handoff work at project end?

Client repository, README documentation, ADR (architecture decision records) for every non-trivial decision, deployment runbook and emergency procedures, list of environment configs (no secrets). Technical handover session with the client team if there is one. Optional retainer after the project.

#Related services

This page covers the search intent for “PHP developer” and “hire PHP developer” focused on Laravel, Symfony, and custom backends. Related topics:

• Astro developer - frontend partner to a PHP backend.
• NIS2 and DORA readiness - compliance for regulated backends.
• MCP server development - Model Context Protocol servers for AI agents in PHP/TypeScript.
• Next.js developer - alternative frontend partner for Laravel/Symfony APIs.

The WordPress / WooCommerce stack has dedicated pillars:

• WordPress developer - WP core, hooks, filters, custom plugins.
• WooCommerce developer - dedicated e-commerce pillar.
• Headless WordPress - WP as backend, frontend in Astro or Next.js.

Related cluster

Explore other WordPress services and knowledge base

Strengthen your business with professional technical support in key areas of the WordPress ecosystem.

WordPress Developer

Custom WordPress engineering and architecture.

View service

WooCommerce Developer

Stores, checkout flow, and sales logic.

View service

Headless CMS Developer

Headless WordPress, Sanity, Strapi, and Contentful with Astro or Next.js.

View service

Astro Developer

Astro, MDX, edge delivery, and 100/100 performance.

View service

Speed Optimization

Core Web Vitals, caching, and faster delivery.

View service

Next.js / Astro Migration

Migration to Astro, Next.js, and headless WordPress.

View service

Related categories

wordpress technology architecture beginner

Supporting articles

WordPress development tutorial: themes, plugins and local setup

How to start as a WordPress developer in 2026. Local environment, theme and plugin development, REST API and headless paths, security and Core Web Vitals. A practitioner playbook that does not waste your first month.

WordPress 7.0 vs Astro 6 after Cloudflare acquisition - who wins in 2026?

WordPress 7.0 with AI Client vs Astro 6 after Cloudflare acquisition. Speed, cost, SEO and security comparison. My take after 20 years as a WP developer - when to migrate and when to stay.

EmDash vs WordPress, a feature-by-feature comparison for 2026

A detailed comparison table of EmDash CMS and WordPress across architecture, security, plugins, AI features, content model, hosting, and ecosystem maturity.

#Get in touch

Senior PHP developer, available for senior B2B projects. Tell me the scope, framework, and schedule. I reply within one working day.

Last updated: 2026-05-08