How to Disable the PHP Dangerous Functions in cPanel & WHM?

admin-img By Manvinder Singh

banner-img PHP is stated as the server scripting language that is a vital part of web development. However, it comes with a set of functions that can result in serious security risks to your website and server if misused. Therefore, turning off these dangerous functions is vital in securing your PHP environment. In this blog, we will assist in turning off the dangerous PHP functions in cPanel & WHM.

Why Disable Dangerous PHP Functions in cPanel and WHM?

Users can misuse various PHP functions to add arbitrary code, manipulate files, and perform other harmful actions. Therefore, turning off these functions can minimize the risk of the threats and improve the security of your web server.

Key Reasons Why You Need to Turn off Dangerous PHP functions in cPanel and WHM

1. Prevent Code Execution Attacks

Certain PHP functions enable the execution of arbitrary code on the server. If attackers gain access to your applications, they should use these functions to execute malicious code, which can lead to complete server compromise. Also, functions like exec (), shell_exec(), system(), pass-thru (), and eval() are particularly risky because they can run any command that the server's user account has permission to execute.

2. Avoid File Manipulation

Functions such as open (), write (), and unlink() enable PHP scripts to manipulate the files on the server. These functions can be exploited to read sensitive files, modify essential data, or delete crucial files, causing data loss and service disruptions.

3. Application Security

By turning off dangerous functions, you can reduce the attacks on your application's surface. Even if an attacker finds a vulnerability in your application, the absence of these functions limits what they can do, thus protecting the confidentiality and integrity of your data.

4. Regulatory Compliance

Regulatory compliance often requires stringent security measures for businesses handling sensitive data, such as financial or personal information. Turning off dangerous Functions on PHP can help meet compliance requirements for standards like PCI DSS, GDPR, and HIPAA, which mandate the protection of sensitive information.

Steps to Disable PHP dangerous functions in cPanel & WHM

1. Log in to WHM: Access your WHM dashboard using your credentials. MicrosoftTeams-image-49 2. Navigate to PHP Configuration Editor: In WHM, you can search for "MultiPHP INI " in the search bar or find it under the "Service Configuration" section. MicrosoftTeams-image-50 3. Select PHP Version: Choose the PHP version you want to modify. It's recommended to apply changes to the PHP version your website is using. MicrosoftTeams-image-51 4. Modify PHP Settings: In the PHP Configuration Editor, you'll see a list of PHP directives and their current values. Look for the disable_functions directive. MicrosoftTeams-image-52 5. Save Changes: After making the necessary changes, scroll down and click on the "Save" button to apply the new PHP configuration.

6. Restart PHP: Depending on your server setup, you may need to restart PHP for the changes to take effect. You can do this via the "Restart PHP-FPM" option in WHM. That's it! You've successfully disabled dangerous PHP functions in cPanel/WHM. Make sure to thoroughly test your website after making these changes to ensure everything is functioning as expected.

Summing up

Disabling Dangerous PHP functions is a proactive security measure that mainly reduces the exploitation risk. By limiting the capabilities of PHP scripts, you can protect your applications and server from a range of potential attacks, including code execution, privilege escalation, and file manipulation.

Frequently Asked Questions

Q 1 . What is a PHP function?

Ans. A PHP function can be stated as the reusable block code that performs a specific task. Functions help to organize and modularize code, making it more maintainable, readable, and efficient. PHP provides many built-in functions, and you can create personalized ones.

Q 2 . How to stop functions in PHP?

Ans. To stop or disable PHP functions, You can use the return statement to stop a function's execution prematurely. The return statement immediately exits the function and can optionally return a value.

Q 3 . How do you disable the PHP error log cPanel?

Ans. To disable the PHP error log in cPanel, follow these steps:
1. Log in to cPanel: Access your cPanel account.
2. Go to MultiPHP INI Editor: Find the "MultiPHP INI Editor" under the " Software" section.
3. Select a PHP Version: Choose the PHP version you are using.
4. Edit Error Log Settings:
5. Find the log_errors directive.
6. Could you set it to Off?
7. Find the error log directive and ensure it is either empty or set to a non-existent file path.
8. Apply Changes: Save your changes by clicking the "Apply" button.  

Q 4 . How do you turn off PHP warnings in PHP?

Ans. You can modify the error reporting settings in your PHP configuration or script to turn off PHP warnings.
In the php.ini File:
Access php.ini: Edit your php.ini file (you might need root access or contact your web hosting provider).
Modify Error Reporting: Set the error reporting directive.
Restart Server: Restart your web server to apply the changes.

Q 5 . How Do I Ignore All Warnings in PHP?

Ans. To ignore all warnings, you can set the error reporting level to exclude warnings using the error_reporting function or modifying the php.ini file.

autor-img

By Manvinder Singh

Manvinder Singh is the Founder and CEO of HostingSeekers, an award-winning go-to-directory for all things hosting. Our team conducts extensive research to filter the top solution providers, enabling visitors to effortlessly pick the one that perfectly suits their needs. We are one of the fastest growing web directories, with 500+ global companies currently listed on our platform.