How to disable dangerous PHP Functions?

steitieh

Well-known member
Joined
Apr 23, 2014
Messages
113
Points
18
I read that we should disable dangerous PHP functions like exec, passthru, shell_exec, system..etc to stop hackers from running them on our hosting.
How to do this in any hosting control panels or on a Linux hosting?
 

UnderHost

Member
Registered
Joined
Sep 5, 2016
Messages
42
Points
8
Open a terminal or login to your server over via SSH. Open php.ini file:

If you're not sure where your PHP files is located use;

Code:
php -i | grep php.ini
Then edit the files;

Code:
vi /etc/php.ini
Find disable_functions and set new list as follows:

Code:
disable_functions =exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
I also recommend to disable allow_url_include and allow_url_fopen for security reasons:

Code:
allow_url_fopen=Off
allow_url_include=Off
Save and close the file. Restart the httpd server by tying the following command:

Code:
service httpd restart
 
Recommended Threads
Replies
2
Views
1,828
Replies
2
Views
3,610
Replies
1
Views
2,305
fwh

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top