Title: Creating php.ini Last modified: October 31, 2016 --- # Creating php.ini * Resolved [aCstudent](https://wordpress.org/support/users/acstudent/) * (@acstudent) * [9 years, 7 months ago](https://wordpress.org/support/topic/creating-php-ini/) * Thank you for this great plugin WebFactory. It pointed out multiple vulnerabilities, some of which I was able to fix, others I am able to live with. Two that I would like to fix but cannot seem to figure it out involve php.ini: (1) Server response headers contain detailed PHP version info; and (2) expose_php PHP directive is turned on. * I went to cPanel file manager, no php.ini anywhere. Created it in my root directory/ home/[my-cPanel-username], with these two lines: expose_php = off allow_url_include = off * No luck. Added this to my htaccess: suPHP_ConfigPath /home/[my-cPanel-username]/ php.ini Still no luck. Any advice will be gratefully appreciated. Viewing 4 replies - 1 through 4 (of 4 total) * [WebFactory](https://wordpress.org/support/users/webfactory/) * (@webfactory) * [9 years, 7 months ago](https://wordpress.org/support/topic/creating-php-ini/#post-8378429) * Hi, thank you for the kind words! * Let’s first try without `php.ini` 🙂 Do you have a “PHP Configuration” icon in your cPanel? If so, click and try adjusting those params via the GUI. * Thread Starter [aCstudent](https://wordpress.org/support/users/acstudent/) * (@acstudent) * [9 years, 7 months ago](https://wordpress.org/support/topic/creating-php-ini/#post-8379626) * Yes, a PHP Configuration icon is there. It lists several settings, but not these. Also it is read-only: “Your server’s administrator can customize these PHP configuration settings. The system displays them for your reference only.” There is also a PHP Selector that lists a number of extensions with check boxes. Do not see expose_php or allow_url_include there either. * Thread Starter [aCstudent](https://wordpress.org/support/users/acstudent/) * (@acstudent) * [9 years, 6 months ago](https://wordpress.org/support/topic/creating-php-ini/#post-8382073) * Looks like my host does not allow custom php.ini. I was able to turn off allow_url_include in htacceess… php_flag allow_url_include off * I can’t seem to turn off expose_php, but I found a work-around at [https://perishablepress.com/expose-php/](https://perishablepress.com/expose-php/)… RewriteCond %{QUERY_STRING} PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[ 0-9a-f]{12} [NC] RewriteRule .* – [F] * Security Ninja still correctly flags expose_php as being on, but the easter eggs and detailed PHP info response is blocked. * So, I think I’m good. Thank you again for this awesome plugin. * [WebFactory](https://wordpress.org/support/users/webfactory/) * (@webfactory) * [9 years, 6 months ago](https://wordpress.org/support/topic/creating-php-ini/#post-8382620) * You’re welcome! Glad you managed to find a workaround 🙂 Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Creating php.ini’ is closed to new replies. * ![](https://ps.w.org/security-ninja/assets/icon-256x256.gif?rev=2312630) * [Security Ninja – WordPress Security & Firewall](https://wordpress.org/plugins/security-ninja/) * [Frequently Asked Questions](https://wordpress.org/plugins/security-ninja/#faq) * [Support Threads](https://wordpress.org/support/plugin/security-ninja/) * [Active Topics](https://wordpress.org/support/plugin/security-ninja/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/security-ninja/unresolved/) * [Reviews](https://wordpress.org/support/plugin/security-ninja/reviews/) * 4 replies * 2 participants * Last reply from: [WebFactory](https://wordpress.org/support/users/webfactory/) * Last activity: [9 years, 6 months ago](https://wordpress.org/support/topic/creating-php-ini/#post-8382620) * Status: resolved