Secure PHP Configuration: php.ini Settings for Production

Security · 19.04.2026
display_errors = Off
expose_php = Off
open_basedir = /var/www/site/:/tmp/
disable_functions = exec,passthru,shell_exec,system,phpinfo
session.cookie_httponly = 1
session.cookie_secure = 1
session.cookie_samesite = Strict
open_basedir prevents PHP from reading files outside the allowed directories, which blocks path traversal and local file inclusion (LFI) attacks that target paths outside them.
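
One way to check a php.ini file against the settings listed above, as an added example that is not part of the original page. The names parse_ini and audit and the sample input are constructed for illustration. The script assumes Unix-style ":" separators in open_basedir and audits only the text it is given, so values overridden in other configuration files are not seen.

```python
# Added example: audit php.ini text against the directives listed on this page.
EXPECTED = {  # normalized values from the page ("0" = Off, "1" = On)
    "display_errors": "0",
    "expose_php": "0",
    "session.cookie_httponly": "1",
    "session.cookie_secure": "1",
    "session.cookie_samesite": "strict",
}
REQUIRED_DISABLED = {"exec", "passthru", "shell_exec", "system", "phpinfo"}
# Spellings php.ini accepts for boolean values.
BOOL = {"on": "1", "yes": "1", "true": "1", "off": "0", "no": "0", "false": "0"}

def parse_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    values = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a comment
        if line.startswith("[") or "=" not in line:
            continue  # section header, blank line or junk
        key, value = line.split("=", 1)
        values[key.strip()] = value.strip().strip("\"'")
    return values

def audit(text):
    """Return a list of findings; an empty list means the text matches the page."""
    ini, findings = parse_ini(text), []
    for key, want in EXPECTED.items():
        got = ini.get(key)  # None means the directive is absent
        norm = None if got is None else BOOL.get(got.lower(), got.lower())
        if norm != want:
            findings.append(f"{key}: want {want}, found {got!r}")
    disabled = {f.strip() for f in ini.get("disable_functions", "").split(",")}
    missing = sorted(REQUIRED_DISABLED - disabled)
    if missing:
        findings.append("disable_functions: missing " + ",".join(missing))
    dirs = [d for d in ini.get("open_basedir", "").split(":") if d]
    if not dirs:
        findings.append("open_basedir: not set, file access is unrestricted")
    elif "/" in dirs:
        findings.append("open_basedir: '/' allows the whole filesystem")
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE = """[PHP]
display_errors = On        ; shows errors to visitors
expose_php = Off
disable_functions = exec,system
session.cookie_secure = 1
session.cookie_samesite = Lax
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FAIL", finding)
```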