Well, you can always pull out the PHP code. There would be a desire. A little desire. The question is different - to whom and why it may be needed. Make a list for yourself in your head. megakullhackers with nicknames "batman", "killer killer" and other Black Cloaks can not be taken into account. They don't even know what a hash is, let alone how to use it.
Realistically assess the situation, who and why can try to hack.
After you do this, use the normal security methods - with database encryption, https connection and so on. Also not a panacea, but at least somehow. If the resource is serious and its hacking is fraught with really serious problems, connect a TACACS + server for authentication and authorization, do not forget about https with the latest version of SSL, and maybe even set up a VPN. Those. you connect to the server via VPN, from there you connect to the site with all this https and TACACS.
And never ask such questions again. The maximum paranoia in the field of IT security is one of the professional deformations of a good administrator, allowing him to get good money, and he and his management to sleep peacefully.

basic http authentication

Considering that the comparison of the GET parameter with the standard will most certainly not be performed in constant time, you can try to extract the hash by estimating the server response time.