How to disable PHP functions in WHM panel?
Introduction
Server security is critical in a hosting environment. While the majority of PHP functions are safe, some can be exploited by attackers to carry out malicious acts. These functions are not harmful by design, but it is good practice to turn them off. Potentially unsafe PHP functions can be disabled in the WHM panel via the MultiPHP INI Editor.
Why Disable Certain PHP Functions?
Certain PHP functions allow scripts to execute system commands or access server information that should remain hidden. Attackers often target these specific functions to gain unauthorized access to or control of the server. These functions can be blocked by setting the disable_functions directive in the PHP configuration file. This significantly improves the overall security posture of your server.
Steps to Disable PHP Functions in MultiPHP INI Editor
WHM requires complete root access to make changes in the global PHP configuration files. Follow these steps to disable the unwanted functions.
1. Log in to WHM Root Account
You must begin by accessing your WHM (Web Host Manager) panel. Log in using your complete root access credentials to gain administrative control.
2. Select the Software Option
After you have logged in, locate the Software option in the main navigation menu. This will open the software and environment management tools.
3. Click on MultiPHP INI Editor
Within the Software section, find and click MultiPHP INI Editor. This is the interface where you can make changes to the configuration settings of the various PHP versions.
4. Access Editor Mode and Select Version
The MultiPHP INI Editor panel will open.
- Open Editor: Click to open the Editor Mode.
- Select PHP Version: In the dropdown list labeled Edit the INI settings of a PHP version, select the specific PHP version you want to configure.
The directives, which are the full INI settings for that selected PHP version, will now appear.
5. Find the disable_functions Directive
You need to quickly locate the specific line for disabling functions.
- Open Find Box: Press Ctrl+f on your keyboard to bring up the browser’s “find-box.”
- Search: Enter disable_functions into the search box.
The browser will highlight the directive where you can list the functions to disable.
6. Enter the Functions to Disable
You must now enter the list of potentially unsafe functions you want to block.
- Enter Functions: Copy or type the PHP functions you want to disable into the field for disable_functions. The functions must be separated by commas, following this syntax:
disable_functions = "function1,function2,function3,etc."
For comprehensive security, here is an example list of functions often recommended for disabling:
disable_functions = "apache_child_terminate,apache_get_modules,apache_note,apache_setenv,define_syslog_variables,disk_free_space,disk_total_space,diskfreespace,dl,escapeshellarg,escapeshellcmd,exec,extract,get_cfg_var,get_current_user,getcwd,getenv,getlastmod,getmygid,getmyinode,getmypid,getmyuid,ini_restore,ini_set,passthru,pcntl_alarm,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_wait,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,php_uname,phpinfo,popen,posix_getlogin,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_ttyname,posix_uname,posixc,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,ps_aux,putenv,readlink,runkit_function_rename,shell_exec,show_source,symlink,syslog,system"
7. Click Save
Once you have entered the entire list, select the Save button at the bottom of the page.
WHM will display a success message confirming that the PHP functions have been disabled in the chosen PHP version.
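After saving, it is worth checking what each PHP version's INI text actually contains, because a value pasted with typographic quotes (“ ”) leaves the first and last names in the list unmatched. The following is an added example, not part of the original article or of WHM: it parses the disable_functions line and reports command-execution functions that are not effectively listed. The version labels, the sample INI text and the MUST_DISABLE subset (taken from the list above) are constructed for illustration.

```python
import re

# Assumption: a subset of the article's list that runs system commands.
MUST_DISABLE = {"exec", "passthru", "shell_exec", "system", "popen", "proc_open"}
NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def parse_disable_functions(ini_text):
    """Return (valid_names, rejected_tokens) from the last active directive."""
    value = ""
    for line in ini_text.splitlines():
        line = line.strip()
        if line.startswith(";"):  # a commented-out directive is inactive
            continue
        m = re.match(r"disable_functions\s*=\s*(.*)$", line)
        if m:
            value = m.group(1).strip()  # a later line overrides an earlier one
    # Only plain ASCII quotes delimit an INI string; curly quotes stay in the value.
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
        value = value[1:-1]
    valid, rejected = set(), []
    for token in filter(None, re.split(r"[,\s]+", value)):
        if NAME_RE.match(token):
            valid.add(token.lower())
        else:
            rejected.append(token)  # cannot match any PHP function name
    return valid, rejected


def audit(ini_by_version):
    """Map each version label to the functions still callable and bad tokens."""
    report = {}
    for version, text in ini_by_version.items():
        valid, rejected = parse_disable_functions(text)
        report[version] = {"missing": sorted(MUST_DISABLE - valid), "rejected": rejected}
    return report


# Constructed sample INI text, one entry per hypothetical PHP version label.
SAMPLE = {
    "php-a": 'disable_functions = "exec,passthru,shell_exec,system,popen,proc_open"\n',
    "php-b": "disable_functions = \u201cexec,passthru,shell_exec,popen,proc_open,system\u201d\n",
    "php-c": ";disable_functions = exec,system\ndisable_functions =\n",
}

if __name__ == "__main__":
    for version, result in audit(SAMPLE).items():
        print(version, result)
```

To run it against a real server, replace SAMPLE with the contents of each PHP version's php.ini read from disk.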
Cantech’s Features in Server Hardening
A hardened and secure hosting environment is the focus of Cantech. Our hosting solutions provide root access to WHM. This enables you to customize important security options, such as the MultiPHP INI Editor. We give you the ability to easily switch off potentially unsafe PHP functions. This guarantees that your server is defended against common exploitation attempts.
Conclusion
One of the basic steps you can take to secure your web hosting server is to disable potentially dangerous PHP functions with the help of the MultiPHP INI Editor. By including these functions in the disable_functions list, you will greatly reduce the risk of malicious activity. This simple administrative measure helps maintain a healthy and secure hosting environment.
Frequently Asked Questions
What does the disable_functions directive do?
The disable_functions directive in the PHP configuration file tells the PHP interpreter to ignore and not execute any function that is listed in its value. This effectively blocks those functions from running.
Is it safe to disable all PHP functions listed in the example?
The functions listed are generally considered potentially unsafe because they can execute system commands or expose server information. Disabling them is a good security measure, but you need to verify that none of them are needed by the applications you rely on.
Do I have to repeat this process for every PHP version?
Yes, you must repeat this process for every single PHP version running on your server. Each PHP version maintains its own separate configuration file.
Where is the MultiPHP INI Editor located in WHM?
You can find the MultiPHP INI Editor by logging into WHM. Then navigate to the Software section in the main navigation menu.
What command should I use to quickly find the setting in the editor?
You should use the browser’s built-in find function by pressing Ctrl+f and then typing disable_functions into the search box that appears.