This repository was archived by the owner on Jan 22, 2026. It is now read-only.

PHP security without php.ini

Jump to bottom

Binyamin Laukstein edited this page May 14, 2014 · 1 revision

If you can't apply recommended php.ini setting to your server, the alternative way to do is to add this lines in root .htaccess

# Security
php_flag  allow_url_fopen 0
php_flag  allow_url_include 0
php_flag  display_errors 0
php_flag  expose_php 0
php_flag  log_errors 1
php_flag  session.use_trans_sid 0
php_flag  short_open_tag 0
php_value error_log error_log.txt