Which function should be disabled/enabled in php.ini for web hosting servers?

Question

I have a VPS (Ubuntu 12.04) and I'm testing it for hosting services. Currently the VPS is running only one website for testing, so which function should be disabled/enabled in php.ini so that I can make it more secure?

Hosting Panel = Zpanel

OS = Ubuntu 12.04

Sorry, but it's impossible for us to give a blanket Answer. The way you use your server and secure it will dictate it's configuration. — Chris S, Mar 14 '13 at 13:16
well i have all basic server security setup & i have lots of function disabled in php.ini & may be i m missing something .....i have asked the so that you guys have more experience than me ... — Qasim, Mar 14 '13 at 15:08

score 0 · Accepted Answer · edited Mar 14 '13 at 13:27

0

I recommend:

safe_mode = On
expose_php = Off
Enable_dl= Off
magic_quotes = On
register_globals = off
display errors = off
disable_functions = system, show_source, symlink, exec, dl,
shell_exec, passthru, phpinfo, escapeshellarg,escapeshellcmd

But you might not want safe_mode = On. With safe_mode some PHP extensions are disabled, and some software doesn't work, such as Joomla and Drupal.

edited Mar 14 '13 at 13:27

w5m

151
8

answered Mar 14 '13 at 12:05

Manikandan

16

Please format so it is more readable. – vonbrand Mar 14 '13 at 12:42
1

@vonbrand there's an edit button under every post for a reason – Chris S Mar 14 '13 at 13:16

Which function should be disabled/enabled in php.ini for web hosting servers?

1 Answers1