Plugin Author
AITpro
(@aitpro)
Check your web host’s help pages for how to create a custom php.ini file. There are 1,000’s of possible combinations with the 5000,000+ web hosts worldwide. So this is not a “one size fits all” kind of thing. π Your web host may require that you add php/php.ini handler htaccess code in your root htaccess file or some other specific requirement for your particular web host.
Once you get the exact specific php/php.ini file setup for your specific web hosts then…
If you are on a Shared hosting server then you need to wait at least 15 minutes for any php.ini file changes to take effect or your host may allow you to kill system processes in your web host control panel to speed up that server refresh waiting period. If you have Dedicated or VPS hosting then you need to reboot your server for php/php.ini file changes to take effect.
Plugin Author
AITpro
(@aitpro)
I just noticed this – “I create a phpinfo.php in public_html to check and it does show that both are off. But BPS system info show on.”. There are 2 Directive Field values: Local Value and Master Value. Local Value is your local website values and Master Value is your default host server values. In some cases the web host overrides the Local Value and forces the Master Value. If that is occurring the BPS will not be able to accurately display the correct directive values for PHP Allow URL fopen: On and PHP Expose PHP: On.
Thread Starter
imtino
(@imtino)
So in this case, I can just ignore BPS system info?
Plugin Author
AITpro
(@aitpro)
Yep, if the php.ini directive settings are actually correct then just ignore the directive values on the BPS System Info page.
Thread Starter
imtino
(@imtino)
As, I mentioned in the OP that the phpinfo.php in public_html showed:
PHP Allow URL fopen: Off
PHP Expose PHP: Off
Does that mean it’s correct? I am not sure which is the more accurate one the phpinfo.php in public_html or BPS System Info.
Plugin Author
AITpro
(@aitpro)
The best way to check if those php.ini directives are correct is to create some code that tests if they are working or not. Unfortunately, you will not be able to use standard checking/testing code, which BPS is already using and will have to actually create code that uses url fopen. Example: This gitHub testing code will not tell you anything because you do not know if your server is overriding things or doing some other non-standard php config stuff >>> https://gist.github.com/juanramon/921538
You would need to create some testing code such as this instead:
http://php.net/manual/en/function.fopen.php
$handle = fopen("http://www.example.com/", "r");
Thread Starter
imtino
(@imtino)
Anyways, is it important to have these off:
PHP Allow URL fopen: Off
PHP Expose PHP: Off
It’s in red and that’s why I’m concerned. I am trying to get rid of all the red ones in BPS System Info.
Plugin Author
AITpro
(@aitpro)
The BPS System Info page uses this standard php.ini directive checking code below, which is the optimum recommended way to check these php.ini directive values by PHP.net the creators of the PHP server code. I have come across some web hosts that are doing something unusual and non-standard with php Local and Master Values. In your particular case it would be best to contact your web host support folks to find out exactly the best way to do things/checks/etc on your particular web host server/website.
if ( ini_get('allow_url_fopen') == 1 ) {
$text = '<font color="#fb0101">'.__('On', 'bulletproof-security').'</font>';
echo $text.'</strong><br>';
} else {
$text = '<font color="green">'.__('Off', 'bulletproof-security').'</font>';
echo $text.'</strong><br>';
}
if ( ini_get('expose_php') == 1 ) {
$text = '<font color="#fb0101">'.__('On', 'bulletproof-security').'</font>';
echo $text.'</strong><br>';
} else {
$text = '<font color="green">'.__('Off', 'bulletproof-security').'</font>';
echo $text.'</strong><br>';
}
Thread Starter
imtino
(@imtino)
I found the solution. I have to put the php.ini inside wp-admin directory not public_html. I hope this will help someone.
Plugin Author
AITpro
(@aitpro)
Some web host server configurations allow you to do that. The majority of web host server configurations do not allow that and only recognize/allow a custom php.ini or .user.ini file in the hosting account root folder. Anyway glad you figured out something that works on your particular server/website. π
