Php Ini Configuration for WordPress Websites

Php Ini Configuration

Php Ini Configuration

By changing some value of php.ini file we can increase memory limit and other configurations. File location is C:\xampp\apache\bin\php.ini for XAMPP. For online you will get Under Public_Html. By default it may not exist in Public_Html. So you can create a empty php.ini file here for configuration

Definition of php.ini Settings

expose_php = Off: hide php code and version. Hide your PHP code from being viewed from a browser or scraped from a bot.

allow_url_fopen = On : disables retrieving data from remote locations using php ftp or http proto

allow_url_include = Off: disables attaching files to urls that can be written back into the database

display_errors = Off : Disable displaying errors to screen

log_errors = on: Enable writing errors to server logs

enable_dl = Off: enable_dl is on by default and allows open_basedir restrictions, which limit the files a script can access, to be ignored. For that reason, it’s a dangerous option and should be explicitly turned off.

file_uploads = On: allows wordpress uploads

max_execution_time = 30: Kills processes that are stuck or taking longer than 30 seconds to complete. Uploading video or audio can take longer that 30 seconds.

max_input_time = 30: Kills processes that are stuck or taking longer than 30 seconds to complete. Adjust this to fit your needs. Uploading video or audio can sometimes take longer that 30 seconds.

memory_limit = 40M: Kills processes that are stuck or taking longer than 30 seconds to complete. Adjust this to fit your needs. Uploading video or audio can sometimes take longer that 30 seconds.max_input_vars = 1000

post_max_size = 516M : It is maximum file upload size

session.gc_maxlifetime = 1440: This value 1440 seconds defines how long an unused PHP session will be kept alive. E.g. A user logs in, browses through your application or web site, for hours, for days. No issue. As long as the time between his clicks never exceed 1440 seconds. 

session.save_path = “/var/cpanel/php/sessions/ea-php72”

upload_max_filesize = 512M: It is maximum file upload size

zlib.output_compression = Off : The zlib extension offers the option to transparently compress your pages on-the-fly, if the requesting for browser supports this

session.cookie_httponly = off: Javascript Cookie Protection. If an attacker can manages to inject Javascript code for stealing user’s current cookies – the document.cookie string – the HttpOnly cookie you have set won’t show up in the list.

disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source : disabling dangerous PHP functions. Disable these most vulnerable to attack server functions that are rarely used

base64_decode = Off : turn base64 garbage off. Lots of bad thing hide in encrypted code and Base64 is the garbage of the internet. This will block any Base64 code from even running. Protecting you from a world of hidden virus and back door payloads. As an added bonus, lots of the themes in the WordPress theme gallery chooser are full of encrypted footers with author links, logos and nags to buy something. This will weed out those crap themes because they won’t work at all.

Php Ini Configuration 1 (Standard)

By default, it will not be present. Sometimes that file needs to be created to add the PHP extension values to it. There are disadvantages. Advantages are like if the file is created you can add the PHP extension codes like increasing memory limit, execution time etc which is required by WordPress.

allow_url_fopen = On
allow_url_include = Off
display_errors = Off
enable_dl = Off
file_uploads = On
max_execution_time = 90
max_input_time = 90
max_input_vars = 1000
memory_limit = 512M
post_max_size = 516M
session.gc_maxlifetime = 1440
session.save_path = “/var/cpanel/php/sessions/ea-php72”
upload_max_filesize = 512M
zlib.output_compression = Off

Php Ini Configuration 2 (Infected)

This is and infected configuration file of my hdsqrn site. Error Message was no input file specified. It can be solved according to configuration of Php Ini Configuration 1 (Standard)

allow_url_fopen = On
allow_url_include = Off
display_errors = Off
enable_dl = Off
file_uploads = On
max_execution_time = 30000
max_input_time = 60000
max_input_vars = 50000
memory_limit = 8192M
post_max_size = 8192M
session.gc_maxlifetime = 1440
session.save_path = “/var/cpanel/php/sessions/ea-php72”
upload_max_filesize = 4096M
zlib.output_compression = Off

Php Ini Configuration 3 (XAMP Standard)

Default Value : memory_limit = 128M
Expected value : memory_limit = 256M
max_execution_time = 600
max_input_time = 600
memory_limit = 1024M
post_max_size = 1024M
max_allowed_packet = 1024M

How to Protect php.ini File

Paste the following code into the bottom of the file and then click save . As a result your php.ini file will be protected. This change prevents php hackers from finding exploits on your site.

According to bluehost

<Files php.ini>
Order allow,deny
Deny from all
</Files>

According to inmotionhosting

Find your .htaccess file and edit it with a code editor. Place the following code in your .htaccess.

<filesMatch “.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$”>  Order Allow,Deny  Deny from all </filesMatch>

About Engr. Kh. Mashiur Rahman

He is Top Class Digital Marketing Expert in bd based on Google Yahoo Alexa Moz analytics reports. He is open source ERP Implementation Expert for RMG Industry. He is certified IT Professional from Aptech, NCC, New Horizons & Post Graduated from London Metropolitan University (External) in ICT . To Hire his service and Him Email- sales@autogarment.com, Cell# +880 1792525354

Similar Post

How to Edit & Configure User.ini File WordPress

How to Edit & Configure User.ini File WordPress ; cPanel-generated php ini directives, do not …

Leave a Reply

%d bloggers like this: