Enhanced Security using php.ini

From FamilySearch Wiki

If you are using a web hosting service, you start out with their default settings, and these are not always in your best interest. One area where it pays to tighten security a bit is PHP. PHP is a scripting language commonly used to enhance web pages. Even if you don't write programs yourself, the blog, wiki, CMS and other popular software packages that you may be using are often written in it. Even if you are not running any of those (at this point one has to wonder why exactly you do have a web hosting service, but we won't go there), PHP is often used by hackers to exploit weaknesses in vulnerable sites.

All you need to do is create a file called 'php.ini' in each of your public directories (basically any directory in or under your public_html directory) and put the appropriate directives in it. The following example is by no means exhaustive, but it will give you an idea of what one looks like:

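; Block functions that run shell commands or reveal source code and configuration
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
; Confine PHP file access to your web root (replace with your real path)
open_basedir = /your/systems/public_html
; safe_mode and register_globals were removed in PHP 5.4; these two lines matter only on older versions
safe_mode = 0
register_globals = 0
; Stop file functions such as fopen() from opening remote URLs
allow_url_fopen = 0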
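
Because the file has to exist in every public directory, it is easy to miss one or to leave a weaker copy behind. The following is an added example, not part of the original wiki page: a Python audit that walks a public_html tree and reports directories with no php.ini, or with a php.ini that falls short of the example above. The function names and the sample input are assumptions made for illustration.

```python
import os

# Baseline taken from the example php.ini on this page.
DISABLED = {"show_source", "system", "shell_exec", "passthru",
            "exec", "phpinfo", "popen", "proc_open"}
MUST_BE_OFF = ("register_globals", "allow_url_fopen")
OFF = {"0", "off", "false", "no", "none", ""}

# Constructed sample: a weakened copy of the page's example.
SAMPLE_WEAK = """\
; constructed test input
disable_functions = show_source, system, exec
register_globals = Off
allow_url_fopen = 1
"""

def parse_ini(text):
    """Return {directive: value}; skips ';' comments and [section] lines."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def check_ini(text):
    """List the ways one php.ini falls short of the page's example."""
    s = parse_ini(text)
    findings = []
    listed = {f.strip() for f in s.get("disable_functions", "").split(",")}
    missing = sorted(DISABLED - listed)
    if missing:
        findings.append("disable_functions lacks " + ", ".join(missing))
    for key in MUST_BE_OFF:
        if key not in s or s[key].lower() not in OFF:
            findings.append(key + " is not explicitly off")
    if not s.get("open_basedir"):
        findings.append("open_basedir is not set")
    return findings

def audit_tree(docroot):
    """Map each directory under docroot to its findings (empty list = OK)."""
    report = {}
    for path, _dirs, files in os.walk(docroot):
        if "php.ini" not in files:
            report[path] = ["no php.ini in this directory"]
            continue
        with open(os.path.join(path, "php.ini"), encoding="utf-8") as fh:
            report[path] = check_ini(fh.read())
    return report
```

Call `audit_tree()` with the path to your public_html directory; any directory whose list is not empty needs attention.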

This is a deep subject: see the following for more information:
