php.inifile is located at /usr/local/lib/php.ini. However, we strongly recommend using WHM's PHP Configuration Editor feature (Main >> Service Configuration >> PHP Configuration Editor) to edit PHP's configuration file. You must access the Advanced Configuration Editor to change many of the settings listed below.
Safe mode attempts to solve many of the problems associated with using PHP in a shared hosting environment.
It checks the user ID (
Note: This feature is deprecated as of PHP 5.3.0.
This parameter takes a comma-separated list of PHP functions you wish to disable. You will likely want to disable most or all of the PHP functions that have the ability to execute code remotely. You should take the time to talk to your developers and have them standardized on a particular function for shell operations as well.
|A comma-separated list of functions to disable.|
When register globals is enabled, attackers may be able to override configuration variables via the URL.
Disabling this option prevents PHP from printing run-time errors to HTML pages that it generates. Disabling this function still allows PHP to print errors to the appropriate error logs.
Disabling this option prevents attackers from opening remote files from your server via file inclusion vulnerabilities.
Disabling this option prevents attackers from including remote files from your server via file inclusion vulnerabilities.
If possible, we recommend turning off file uploads. This will prevent attackers from moving their scripts onto and off of your server. However, many times it is not possible to disable file uploads.
This parameter allows you to limit file operations to a specific directory. Attackers will often attempt to find ways to include local files in PHP scripts to gain information about your server's filesystem.
Note: This setting only affects servers using
This parameter allows PHP to check HTTP referrer values. This allows you to specify a domain, ensuring that session information is only passed internally during the time a user is working with a web application. This will prevent your users from accidentally exposing session information that may allow malicious users to follow links and steal a session.