Some PHP functions could be a security risk if allowed in a system. These functions include exec(), which could be used to execute shell commands in a system if exploited.

You can disable PHP functions as a way to harden your PHP environment or if you're running a shared hosting where some functions could be a security problem.

Steps to enable and disable PHP functions:

  1. Open PHP configuration file using your preferred text editor.
    $ sudo vi /etc/php/7.2/apache2/php.ini
  2. Search for disable_functions directive.
    ; This directive allows you to disable certain functions for security reasons.
    ; It receives a comma-delimited list of function names.
    ; http://php.net/disable-functions
    disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
  3. Add functions to disable, separated by comma(,) or remove existing functions to enable.
    ; This directive allows you to disable certain functions for security reasons.
    ; It receives a comma-delimited list of function names.
    ; http://php.net/disable-functions
    disable_functions = date,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
  4. Restart web server for the change to take effect.
    $ sudo systemctl restart apache2
  5. Check if function successfully disabled.
Discuss the article:

Comment anonymously. Login not required.