On the Paragon Initiative blog there's a new article posted that wants to help you pick the right cryptography library for your project and your needs. In it they make several recommendations and the benefits of each.
Cryptography is not magic. Adding encryption to an application doesn't automatically make it secure against attackers (especially if you aren't authenticating your ciphertext). But if you do need it to satisfy a business need, conventional wisdom states that you almost certainly should not try to design your own cryptography. Instead, you should use an existing cryptography library.
Okay, great. So which PHP cryptography library should I use? That depends on your exact requirements. Let's look at some good choices. (We won't cover any terrible choices.)
The three libraries they recommend are: Halite, the Libsodium library, the Defuse Security PHP Encryption library and the PHPSecLib library. For each they make some recommendations on places they may be most effective and how it using them relates to passwords (hint, hashing over encryption).