Solution 1:

Since a WAMP stack itself is composed of apache, mysql and php, then what's the difference between using the WAMP stack and installing them all separately?

There are many differences, though the three most troubling ones are:

  1. insecure configuration
  2. difficulty and lag in upgrades
  3. non-standard configs/binary locations

To expand on #1: WAMP, MAMP, LAMPP, XAMPP, etc. are designed to be one-click stack installers that make it easy for developers to get to work quickly and with the least resistance possible. As such, many of the configuration values are intentionally left in a very insecure state. This is OK for development work, but incredibly stupid to do in production.

Then, for #2, OS vendors make it very easy to keep your LAMP stack upgraded with the most recent feature updates and security patches. When their packages get released to their official repos, they've been through much testing and the chances of them breaking anything on your system are fairly low. In the vast majority of the time, you're able to upgrade everything with a single command.

Finally, #3: one-click installers place their files in very non-standard locations. As such, when you (or anyone else) go to troubleshoot things, you're left searching all over your filesystem for, say, your php.ini file. When you install a LAMP stack from your distribution's package repo, everything will be in an expected, well-known location.

Solution 2:

First of all, apache, php, and MySQL are all *nix applications ported to Windows. It's usually preferred to run tools on their native platforms in production environments.

Secondly, pre-configured *AMP packages generally have extremely vulnerable configurations out of the box. Most packages ship with a readme stating that they're only for dev use and not for production because of this.

If you really want to develop in an environment that mimics production, you'll use a configuration similar to your production environment and you don't get that with WAMP or LAMP packages.

Solution 3:

If the question is - using Windows as my platform, why would some people tell me to install Apache, PHP, and MySQL separately rather than as part of a WAMP distribution...

The main reason is that some people have had a negative experience using a "everything including the kitchen-sink" type WAMP distributions that comes with a FTP Server, Mail Server, JSP Server, DNS Server, have issues with upgradability, security ... and that generally make a mess of things.

And at the end of the day, those people would rather install and configure Apache, PHP, and MySQL their own way. And others probably think you'll gain more experience doing it all yourself.

But not all WAMPs are like this, and some are highly though-out frameworks that deal with security, upgradability, and configurations in a proper manner.

There are about a dozen or so WAMPs that you can test, to see how they stack against each other. I always recommend to try out - WampServer, UniformServer, Wamp-Developer Pro, and Xampp to see if one of them fits your needs, and if not, to either set up your own custom WAMP installation/framework, or go with a LAMP environment.

Solution 4:

An answer directly from XAMPP. (I share, even if not a direct xampp question, as it's listed as a canonical question for AMPP's stack)

Is XAMPP production ready?

XAMPP is not meant for production use but only for development environments. The way XAMPP is configured is to be open as possible to allow the developer anything he/she wants. For development environments this is great but in a production environment it could be fatal.

Here a list of missing security in XAMPP:

    The MySQL administrator (root) has no password.
    The MySQL daemon is accessible via network.
    ProFTPD uses the password "lampp" for user "daemon".
    PhpMyAdmin is accessible via network.
    The XAMPP demopage is accessible via network.
    The default users of Mercury and FileZilla are known.

All points can be a huge security risk. Especially if XAMPP is accessible via network and people outside your LAN. It can also help to use a firewall or a (NAT) router. In case of a router or firewall, your PC is normally not accessible via network. It is up to you to fix these problems. As a small help there is the "XAMPP Security console".

Please secure XAMPP before publishing anything online. A firewall or an external router are only sufficient for low levels of security. For slightly more security, you can run the "XAMPP Security console" and assign passwords.

If you want have your XAMPP accessible from the internet, you should go to the following URI which can fix some problems:

 http://localhost/security/

With the security console you can set a password for the MySQL user "root" and phpMyAdmin. You can also enable a authentication for the XAMPP demopages.

This web based tool does not fix any additional security issues! Especially the FileZilla FTP server and the Mercury mail server you must secure yourself.