How-To

Disabling dangerous PHP functions

Alex KondratievAlex Kondratiev

2 min read

A powerful language like PHP can give life and great functionality to your site but it can also destroy it. With this guide, we’ll help you disable some of the most dangerous PHP functions out there. It will prevent most PHP shells from doing what they do best as well as protect you from poorly coded applications.

We do this for our clients as part of our Server hardening package.

Updating PHP’s configuration file

Find the location of your php.ini file

php
1php -i | grep php.ini

Open that file and look for disable_functions directive and replace it with the following line:

php
1disable_functions = exec,system,passthru,readfile,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,dl,popen,parse_ini_file,show_source,curl_exec

Now save the changes and restart Apache:

shell
1/etc/init.d/httpd restart

If you want to make sure that it’s working, you can check with a php_info file or with

shell
1php -i | grep disable_functions

PHP Functions and Description

  • exec: Execute an external program
  • system: Execute an external program and display the output
  • passthru: Execute an external program and display raw output
  • readfile: Outputs a file
  • shell_exec: Execute command via shell and return the complete output as a string
  • escapeshellarg: Escape a string to be used as a shell argument
  • escapeshellcmd: Escape shell metacharacters
  • proc_open: Execute a command and open file pointers for input/output
  • proc_close: Close a process opened by proc_open() and return the exit code of that process
  • ini_alter: Alias of ini_set()
  • dl: Loads a PHP extension at runtime
  • popen: Opens process file pointer
  • parse_ini_file: Parse a configuration file
  • show_source: Alias of highlight_file()
  • curl_exec: Perform a cURL session
Alex Kondratiev

Alex Kondratiev

Founder of ITsyndicate. DevOps Enthusiast with 15+ years of experience in cloud, Infrastructure as Code, Kubernetes, and automation. Specialized in architecting secure, scalable, and resilient systems.

How to Run a Docker Container on Your Local Machine

This article is a quick, hands-on guide to running Docker locally. It walks through essential CLI commands for managing images and containers (build, pull, run, ps, start/stop, rm/rmi) and shows how to automate image creation with a Dockerfile. You’ll build an image, run a container with port mapping, verify it’s running, and learn tips for environment setup - everything you need to spin up and manage local containers efficiently.

A guide how to restart Kubernetes pods with kubectl

Even in well-designed Kubernetes environments, you may occasionally need to restart pods due to factors such as a cluster outage, a pod failure, or configuration changes.

Connecting to Docker Host from Docker Container

Learn how to connect from a Docker container to the Docker host. This capability can be handy for development tasks such as managing other containers, performing backups, or building a simple admin interface to manage them.

Plan the present.
Build the future.