Search the Community
Showing results for tags 'how-to'.
Found 1 result
I run a small Apache based web-server for my personal use, and it is shared with friends and family. However, most script kiddie try to exploit php application such as WordPress using exec(), passthru(), shell_exec(), system() functions. How do I disable these functions to improve my php script security? PHP has a lot of functions which can be used to crack your server if not used properly. You can set list of functions in php.ini using disable_functions directive. This directive allows you to disable certain functions for security reasons. It takes on a comma-delimited list of function names. disable_functions is not affected by Safe Mode. This directive must be set in php.ini file. For example, you cannot set this in httpd.conf file. Open a terminal or login to your server over the ssh session. Open php.ini file: Find disable_functions and set new list as follows: I also recommend to disable allow_url_include and allow_url_fopen for security reasons: Save and close the file. Restart the httpd server by tying the following command: OR if you are using Debian/Ubuntu Linux, run: A note about systemd based system If you are using systemd + RHEL/CentOS/Fedora Linux based system, enter: If you are using systemd + Debian/Ubuntu Linux based system, enter: