Title: Custom php.ini
Last modified: June 8, 2018

---

# Custom php.ini

 *  Resolved [imtino](https://wordpress.org/support/users/imtino/)
 * (@imtino)
 * [8 years ago](https://wordpress.org/support/topic/custom-php-ini/)
 * BPS system info show the following.
 * PHP Allow URL fopen: On
    PHP Expose PHP: On
 * So I created a custom php.ini in public_html with them both off. But BPS detect
   the default php.ini only.
 * PHP Configuration File (php.ini): /usr/local/php/php.ini
 * I create a phpinfo.php in public_html to check and it does show that both are
   off. But BPS system info show on.
 * What can should I do?

Viewing 10 replies - 1 through 10 (of 10 total)

 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [8 years ago](https://wordpress.org/support/topic/custom-php-ini/#post-10380025)
 * Check your web host’s help pages for how to create a custom php.ini file. There
   are 1,000’s of possible combinations with the 5000,000+ web hosts worldwide. 
   So this is not a “one size fits all” kind of thing. 😉 Your web host may require
   that you add php/php.ini handler htaccess code in your root htaccess file or 
   some other specific requirement for your particular web host.
 * Once you get the exact specific php/php.ini file setup for your specific web 
   hosts then…
 * If you are on a Shared hosting server then you need to wait at least 15 minutes
   for any php.ini file changes to take effect or your host may allow you to kill
   system processes in your web host control panel to speed up that server refresh
   waiting period. If you have Dedicated or VPS hosting then you need to reboot 
   your server for php/php.ini file changes to take effect.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [8 years ago](https://wordpress.org/support/topic/custom-php-ini/#post-10380036)
 * I just noticed this – “I create a phpinfo.php in public_html to check and it 
   does show that both are off. But BPS system info show on.”. There are 2 Directive
   Field values: Local Value and Master Value. Local Value is your local website
   values and Master Value is your default host server values. In some cases the
   web host overrides the Local Value and forces the Master Value. If that is occurring
   the BPS will not be able to accurately display the correct directive values for
   PHP Allow URL fopen: On and PHP Expose PHP: On.
 *  Thread Starter [imtino](https://wordpress.org/support/users/imtino/)
 * (@imtino)
 * [8 years ago](https://wordpress.org/support/topic/custom-php-ini/#post-10380726)
 * So in this case, I can just ignore BPS system info?
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [8 years ago](https://wordpress.org/support/topic/custom-php-ini/#post-10380910)
 * Yep, if the php.ini directive settings are actually correct then just ignore 
   the directive values on the BPS System Info page.
 *  Thread Starter [imtino](https://wordpress.org/support/users/imtino/)
 * (@imtino)
 * [8 years ago](https://wordpress.org/support/topic/custom-php-ini/#post-10380962)
 * As, I mentioned in the OP that the phpinfo.php in public_html showed:
    PHP Allow
   URL fopen: Off PHP Expose PHP: Off
 * Does that mean it’s correct? I am not sure which is the more accurate one the
   phpinfo.php in public_html or BPS System Info.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [8 years ago](https://wordpress.org/support/topic/custom-php-ini/#post-10380974)
 * The best way to check if those php.ini directives are correct is to create some
   code that tests if they are working or not. Unfortunately, you will not be able
   to use standard checking/testing code, which BPS is already using and will have
   to actually create code that uses url fopen. Example: This gitHub testing code
   will not tell you anything because you do not know if your server is overriding
   things or doing some other non-standard php config stuff >>> [https://gist.github.com/juanramon/921538](https://gist.github.com/juanramon/921538)
 * You would need to create some testing code such as this instead:
    [http://php.net/manual/en/function.fopen.php](http://php.net/manual/en/function.fopen.php)
 * `$handle = fopen("http://www.example.com/", "r");`
 *  Thread Starter [imtino](https://wordpress.org/support/users/imtino/)
 * (@imtino)
 * [8 years ago](https://wordpress.org/support/topic/custom-php-ini/#post-10380980)
 * Anyways, is it important to have these off:
    PHP Allow URL fopen: Off PHP Expose
   PHP: Off
 * It’s in red and that’s why I’m concerned. I am trying to get rid of all the red
   ones in BPS System Info.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [8 years ago](https://wordpress.org/support/topic/custom-php-ini/#post-10382211)
 * The BPS System Info page uses this standard php.ini directive checking code below,
   which is the optimum recommended way to check these php.ini directive values 
   by PHP.net the creators of the PHP server code. I have come across some web hosts
   that are doing something unusual and non-standard with php Local and Master Values.
   In your particular case it would be best to contact your web host support folks
   to find out exactly the best way to do things/checks/etc on your particular web
   host server/website.
 *     ```
       	if ( ini_get('allow_url_fopen') == 1 ) { 
       		$text = '<font color="#fb0101">'.__('On', 'bulletproof-security').'</font>';
       		echo $text.'</strong><br>';
       	} else { 
       		$text = '<font color="green">'.__('Off', 'bulletproof-security').'</font>';
       		echo $text.'</strong><br>';
       	}	
   
       	if ( ini_get('expose_php') == 1 ) { 
       		$text = '<font color="#fb0101">'.__('On', 'bulletproof-security').'</font>';
       		echo $text.'</strong><br>';
       	} else { 
       		$text = '<font color="green">'.__('Off', 'bulletproof-security').'</font>';
       		echo $text.'</strong><br>';
       	}
       ```
   
 *  Thread Starter [imtino](https://wordpress.org/support/users/imtino/)
 * (@imtino)
 * [7 years, 11 months ago](https://wordpress.org/support/topic/custom-php-ini/#post-10408684)
 * I found the solution. I have to put the php.ini inside wp-admin directory not
   public_html. I hope this will help someone.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [7 years, 11 months ago](https://wordpress.org/support/topic/custom-php-ini/#post-10408729)
 * Some web host server configurations allow you to do that. The majority of web
   host server configurations do not allow that and only recognize/allow a custom
   php.ini or .user.ini file in the hosting account root folder. Anyway glad you
   figured out something that works on your particular server/website. 🙂

Viewing 10 replies - 1 through 10 (of 10 total)

The topic ‘Custom php.ini’ is closed to new replies.

 * ![](https://ps.w.org/bulletproof-security/assets/icon-128x128.png?rev=1731938)
 * [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/)
 * [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/)
 * [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/)

 * 10 replies
 * 2 participants
 * Last reply from: [AITpro](https://wordpress.org/support/users/aitpro/)
 * Last activity: [7 years, 11 months ago](https://wordpress.org/support/topic/custom-php-ini/#post-10408729)
 * Status: resolved