Disable exec, shell_exec, system, popen and Other PHP Functions To Improve Security

PHP has many functions that can be used to compromise your server if they are not used properly. You can list such functions in php.ini with the disable_functions directive, which lets you disable them for security reasons. It takes a comma-delimited list of function names.

Open a terminal application or log in to your server over SSH using the ssh command. Open the php.ini file in a text editor such as vim or nano:

sudo nano /etc/php/8.0/fpm/php.ini

Find disable_functions and set new list as follows:

disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

We also recommend disabling allow_url_include and allow_url_fopen, by setting both to Off, for security reasons.

Restart PHP with the following command:

sudo systemctl restart php8.0-fpm
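
As an added example (not part of the original article), the shell functions below check a php.ini file for the settings recommended above. The function names and the sample file are made up for illustration, and the script reads only the file it is given, not the running PHP-FPM configuration.

```shell
# Functions the article lists for disable_functions.
WANTED="exec passthru shell_exec system proc_open popen curl_exec curl_multi_exec parse_ini_file show_source"

# Print the value of the last uncommented "DIRECTIVE = value" line in FILE,
# with any trailing ";" comment, quotes and whitespace removed.
ini_value() {  # usage: ini_value FILE DIRECTIVE
    sed -n "s/^[[:space:]]*$2[[:space:]]*=//p" "$1" | tail -n 1 |
        sed 's/;.*$//' | tr -d '"[:space:]'
}

# Print the recommended functions that FILE does not disable. Names are matched
# as whole list items, so "shell_exec" in the list does not count as "exec".
missing_disabled() {  # usage: missing_disabled FILE
    current=$(ini_value "$1" disable_functions)
    missing=""
    for fn in $WANTED; do
        case ",$current," in
            *",$fn,"*) ;;
            *) missing="$missing $fn" ;;
        esac
    done
    echo "${missing# }"
}

# Succeed only if DIRECTIVE is explicitly switched off in FILE (unset is a finding).
url_wrapper_off() {  # usage: url_wrapper_off FILE DIRECTIVE
    v=$(ini_value "$1" "$2" | tr '[:upper:]' '[:lower:]')
    case "$v" in off|0|false|no) return 0 ;; *) return 1 ;; esac
}

audit_php_ini() {  # usage: audit_php_ini FILE; returns 0 when nothing is reported
    rc=0
    m=$(missing_disabled "$1")
    if [ -n "$m" ]; then echo "disable_functions is missing: $m"; rc=1; fi
    for d in allow_url_fopen allow_url_include; do
        if ! url_wrapper_off "$1" "$d"; then echo "$d is not set to Off"; rc=1; fi
    done
    return $rc
}

# Constructed sample file (not a real server's configuration).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
;disable_functions = exec,system
disable_functions = shell_exec, curl_exec ,passthru,system ; partial list
allow_url_fopen = On
allow_url_include = Off
EOF
audit_php_ini "$SAMPLE" || echo "sample failed the audit, as constructed"
```

To check the file edited above, call audit_php_ini /etc/php/8.0/fpm/php.ini in place of the sample.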