Some PHP functions pose a security risk if left enabled. The exec() function, for example, can execute system commands. Disabling the functions your applications do not need limits what untrusted or injected code can do on the server. This is especially important in shared hosting scenarios, where multiple users might have access to the system.

The disable_functions directive in the php.ini file lets you list the functions you want to disable. Scripts can no longer call the listed functions, which restricts the use of potentially harmful functions and reduces the chances of exploitation or malicious activity.

To disable functions, you need to edit the php.ini file, modify the disable_functions directive, and restart the web server. This process strengthens your server's security posture by limiting the functionality available to potentially untrusted code.

Steps to enable and disable PHP functions:

  1. Open the PHP configuration file using your preferred text editor.
    $ sudo vi /etc/php/7.2/apache2/php.ini
  2. Locate the disable_functions directive in the file.
    ; This directive allows you to disable certain functions for security reasons.
    ; It receives a comma-delimited list of function names.
    ; http://php.net/disable-functions
    disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
  3. Add the functions to disable, separated by commas (,), or remove listed functions to enable them again. The example below adds date to the list.
    ; This directive allows you to disable certain functions for security reasons.
    ; It receives a comma-delimited list of function names.
    ; http://php.net/disable-functions
    disable_functions = date,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
  4. Save the changes to the php.ini file.
  5. Restart the web server to apply the changes.
    $ sudo systemctl restart apache2
  6. Verify that the functions have been successfully disabled.
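
One way to carry out the check in step 6 without executing PHP, as an added example that is not part of the original article: the script reads the disable_functions line from a php.ini and reports whether each named function is listed. The sample file contents and the helper names disabled_list, is_disabled and audit are constructed for illustration. It assumes the last uncommented assignment in the file is the effective one and does not read additional .ini files from a scan directory.

```shell
#!/bin/sh
# Added example: audit the disable_functions list in a php.ini file.

# Print the listed function names, one per line.
# Commented-out lines (";disable_functions = ...") are ignored; spaces,
# quotes and the trailing comma seen in the stock file are stripped.
disabled_list() {
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=//p' "$1" \
        | tail -n 1 \
        | sed 's/;.*$//' \
        | tr -d '"' \
        | tr ',' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# Succeed only if the exact name is listed ("pcntl" must not match "pcntl_fork").
is_disabled() {
    disabled_list "$1" | grep -qxF -- "$2"
}

# Report each requested function; return non-zero if any is still enabled.
audit() {
    ini=$1; shift
    rc=0
    for fn in "$@"; do
        if is_disabled "$ini" "$fn"; then
            echo "$fn: disabled"
        else
            echo "$fn: ENABLED"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input, not a real server's php.ini.
SAMPLE_INI=$(mktemp)
trap 'rm -f "$SAMPLE_INI"' EXIT
cat > "$SAMPLE_INI" <<'EOF'
; constructed sample
;disable_functions = exec
disable_functions = date, pcntl_alarm,pcntl_fork , pcntl_exec,
EOF

audit "$SAMPLE_INI" date pcntl_exec exec || echo "at least one function is still enabled"
```

On the server, pass the file edited in step 1 (/etc/php/7.2/apache2/php.ini) instead of the sample. Checking with the php command-line binary is not equivalent on this layout, because the CLI reads its own php.ini rather than the Apache one.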