PHP is the most widely used backend for most applications. Recently PHP 8.0 was launched with many new features. However, if your application is still on PHP 7.0 or an earlier version, there are a few steps you can take to help harden your PHP to achieve better security. This article shows you steps to configure PHP settings to decrease security issues with PHP 7 and below.
To check the PHP version, follow these steps:
If you are using the Paper Lantern theme, in the SOFTWARE section of the cPanel home page, click Select PHP Version:
cPanel displays the current PHP version. A2Hosting supports several PHP versions, starting at 4.4 to 8.0:
To help harden PHP for better security, follow the steps below to update the recommended PHP settings:
Remote content can be harmful at times, and it's best to set the configuration to allow fopen wrappers to only load local content. To allow fopen wrappers to only load local content and not open remote URLs,clear the allow_url_fopen and allow_url_include check boxes:
In the memory_limit list box, change the default memory limit from 768M to a lower memory limit. This limits the memory usage by any running scripts:
To change the default PHP version exposure clear the expose_php check box:
Error messages often contain information about the server and application, which is helpful for debugging, but also to hackers. Wes recommend not displaying any errors to end users in production code, and instead logging them for further troubleshooting. To harden error handling settings, do the following:
Clear the display_errors check box.
Set a path for the error_log setting and select the log_errors check box.
(Optional) Change the error_reporting level.
To set the maximum upload file size, in the upload_max_filesize list box select the maximum allowed size:
Subscribe to receive weekly cutting edge tips, strategies, and news you need to grow your web business.
No charge. Unsubscribe anytime.