This guide will walk you through disabling potentially dangerous functions in your server’s php.ini settings.

Why Disable Certain PHP Functions?

PHP is a powerful scripting language, but some of its functions pose significant security risks if left enabled. Functions like exec, system, and shell_exec run operating-system commands, so an attacker who can get PHP code to run on your server (for example through a vulnerable script) can use them to execute arbitrary commands, leading to severe security breaches. Disabling these functions reduces the attack surface and enhances the security of your server.

Steps to Edit the php.ini Configuration

To disable these functions, follow the steps below:

1- Open Settings:
In the left sidebar of your Enhance control panel, navigate to Settings.

2- Select Service:
Under Settings, click on Service.

3- Scroll to the Application Section:
Locate the Application section and find php.ini.

4- Add the Directive:
Click on Add directive to include a new directive in the php.ini settings.

5- Set the disable_functions Directive:
In the directive field, enter disable_functions.

For the value, select Text, then paste the following list of functions into the text field:

exec,system,passthru,shell_exec,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname,pcntl_exec,expect_popen

6- Save Your Changes:
After entering the directive, click Save to apply the changes.

Disabling these functions will prevent their usage across all PHP scripts running on your server, adding an extra layer of security.
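
To confirm that the directive from step 5 actually took effect, the following added example (not part of the original guide or of Enhance) compares the runtime's effective disable_functions value with the guide's list and reports anything still callable. The file name check_disabled.php and the helper function names are assumptions made for illustration.

```php
<?php
// Added example, not from the original guide. Helper names are illustrative.
// Reports which functions from the guide's list this PHP runtime still allows.

// The value pasted in step 5 of the guide.
const EXPECTED = 'exec,system,passthru,shell_exec,dl,popen,show_source,'
    . 'posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,'
    . 'posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname,'
    . 'pcntl_exec,expect_popen';

/** Split a disable_functions value into trimmed, de-duplicated names. */
function parse_function_list(string $value): array
{
    $names = array_map('trim', explode(',', $value));
    return array_values(array_unique(array_filter($names, 'strlen')));
}

/** Names in $expected that the $effective directive value does not list. */
function missing_from_directive(string $expected, string $effective): array
{
    return array_values(array_diff(
        parse_function_list($expected),
        parse_function_list($effective)
    ));
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain');
}

$effective = (string) ini_get('disable_functions');
$missing   = missing_from_directive(EXPECTED, $effective);

// function_exists() returns false for disabled functions and for functions
// whose extension is not loaded (pcntl, expect, ...), so only names that are
// both unlisted and defined in this build are real gaps.
$callable = array_values(array_filter($missing, 'function_exists'));

printf("SAPI:             %s\n", PHP_SAPI);
printf("Loaded ini:       %s\n", php_ini_loaded_file() ?: '(none)');
printf("Not in directive: %s\n", $missing ? implode(', ', $missing) : '(none)');

if ($callable === []) {
    echo "OK: every function from the guide's list is disabled or unavailable.\n";
    exit(0);
}
echo "STILL CALLABLE: " . implode(', ', $callable) . "\n";
exit(1);
```

Run it under the same PHP version and configuration that serves the site, because the command-line binary can load a different php.ini, and remove the file once you have the result.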

Bonus Tip: Additional Functions to Disable

For even greater security, consider disabling the escapeshellarg and escapeshellcmd functions. These functions can be used to manipulate shell commands, so disabling them adds another layer of protection. However, be cautious if you have a WHMCS installation, as disabling these functions might cause warnings or errors.

If you’re using the Enhance control panel, you can easily override the default php.ini settings on a per-website basis. This allows you to keep these functions disabled globally while enabling them only for sites that require them, such as WHMCS.

Conclusion

Securing your server involves more than just basic configurations—disabling risky PHP functions is a critical step. For complete protection, try our cPFence security software, tailored specifically for Enhance servers. With features like advanced firewall management and real-time monitoring, cPFence offers robust protection.

Get started with a 1-month free trial at this link and enhance your server’s security today!
