Disable dangerous PHP functions on your web hosting server

Although they are not dangerous by design, some PHP functions can be used for malicious purposes. Many web hosting providers choose to disable functions such as the following:

apache_child_terminate
apache_get_modules
apache_note
apache_setenv
define_syslog_variables
disk_free_space
disk_total_space
diskfreespace
dl
escapeshellarg
escapeshellcmd
exec
extract
get_cfg_var
get_current_user
getcwd
getenv
getlastmo
getmygid
getmyinode
getmypid
getmyuid
ini_restore
ini_set
passthru
pcntl_alarm
pcntl_exec
pcntl_fork
pcntl_get_last_error
pcntl_getpriority
pcntl_setpriority
pcntl_signal
pcntl_signal_dispatch
pcntl_sigprocmask
pcntl_sigtimedwait
pcntl_sigwaitinfo
pcntl_strerrorp
pcntl_wait
pcntl_waitpid
pcntl_wexitstatus
pcntl_wifexited
pcntl_wifsignaled
pcntl_wifstopped
pcntl_wstopsig
pcntl_wtermsig
php_uname
phpinfo
popen
posix_getlogin
posix_getpwuid
posix_kill
posix_mkfifo
posix_setpgid
posix_setsid
posix_setuid
posix_ttyname
posix_uname
posixc
proc_close
proc_get_status
proc_nice
proc_open
proc_terminate
ps_aux
putenv
readlink
runkit_function_rename
shell_exec
show_source
symlink
syslog
system

To add the PHP functions to the PHP configuration using WHM:

  1. Log in to WHM/cPanel
  2. Go to Home->Software->MultiPHP INI Editor.
  3. Choose the Editor Mode tab.
  4. From the drop-down list choose the PHP version.
  5. In the configuration window that opens, search for “disable_functions”:

; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://php.net/disable-functions
disable_functions =

Add the functions listed above as a single comma-separated value:

; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://php.net/disable-functions
disable_functions ="apache_child_terminate,apache_get_modules,apache_note,apache_setenv,define_syslog_variables,disk_free_space,disk_total_space,diskfreespace,dl,escapeshellarg,escapeshellcmd,exec,extract,get_cfg_var,get_current_user,getcwd,getenv,getlastmo,getmygid,getmyinode,getmypid,getmyuid,ini_restore,ini_set,passthru,pcntl_alarm,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerrorp,pcntl_wait,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,php_uname,phpinfo,popen,posix_getlogin,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_ttyname,posix_uname,posixc,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,ps_aux,putenv,readlink,runkit_function_rename,shell_exec,show_source,symlink,syslog,system"

Click the Save button.
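
To confirm what was saved, this added example (not part of the original article) reads a php.ini file and reports which required functions are missing from disable_functions. The function names and the sample file are constructed for illustration, and it assumes the last uncommented directive in the file is the effective one.

```shell
#!/bin/sh
# Added example, not from the original article: audit disable_functions in a php.ini file.

# Print the disabled function names, one per line.
# Assumption: the last uncommented "disable_functions =" line is the effective one;
# .ini files in PHP's scan directory can override it and are not read here.
disabled_functions() (
    grep -E '^[[:space:]]*disable_functions[[:space:]]*=' "$1" \
        | tail -n 1 \
        | sed -E 's/^[^=]*=//; s/;.*$//; s/"//g' \
        | tr ',' '\n' \
        | sed -E 's/^[[:space:]]+//; s/[[:space:]]+$//; /^$/d' \
        | sort -u
)

# Print each required name (the arguments after the file) that is NOT disabled.
missing_functions() (
    ini_file=$1
    shift
    current=$(disabled_functions "$ini_file")
    for fn in "$@"; do
        printf '%s\n' "$current" | grep -qxF -- "$fn" || printf '%s\n' "$fn"
    done
)

# Write a constructed sample file: one commented-out directive, one active
# directive with quotes, stray spaces and an inline comment.
write_sample_ini() {
    cat > "$1" <<'EOF'
; constructed sample, not a real server's php.ini
;disable_functions = exec,system,proc_open
disable_functions = "exec, passthru ,shell_exec,system" ; inline comment
EOF
}

# Demo on the constructed sample; on a server, pass the real php.ini path instead.
sample=$(mktemp)
write_sample_ini "$sample"
echo "Required functions missing from disable_functions:"
missing_functions "$sample" exec shell_exec proc_open system
rm -f "$sample"
```

An empty result from `missing_functions` means every required name is present in the file; the commented-out line in the sample is ignored, which is why `proc_open` is reported.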
