Here is an overview of the most important php.ini directives that you can use to adjust the PHP settings of your web hosting package to the requirements of your website.
allow_url_fopen = On
This determines whether file access to external URLs is allowed. Disallowing it increases security because it is more difficult for attackers to download malware.
This specifies a list of functions that should be disabled. These are not usually used by PHP software but are used by attackers.
Example: disable_functions = exec,system,passthru,shell_exec, popen,escapeshellcmd,proc_open, proc_nice,ini_restore
safe_mode = On
This turns on safe mode, which causes PHP to run in a safe mode. Further checks are made on file operations and access to environment variables is restricted.
Script Limit Settings
The limits for the working memory (RAM) are given below in the php.ini typical notation. For example, a value of 256M represents a limit of 256 megabytes (MB) of available RAM.
memory_limit = 256M
Specifies the maximum amount of memory (RAM) a script may use. CAUTION: Regardless of the global value specified here, the memory limit specified for your package applies. Higher values are therefore ignored by the web server. For example, to set the memory_limit to 512 MB, the following must be entered in php.ini: memory_limit = 512M
post_max_size = 64M
Determines the maximum size of the data transferred via POST method. If you want to upload large files via form, the value should be larger than upload_max_filesize. For example, to set post_max_size to 128 MB, enter the following in php.ini: post_max_size = 128M
Notice: The actual size may vary. For example if the maximum script runtime is exceeded. Furthermore the memory_limit must be greater than post_max_size.
upload_max_filesize = 64M
Determines how large files uploaded by form may be. For example, to be able to upload files up to 128 MB, enter the following in php.ini: upload_max_filesize = 128M
max_execution_time = 60
Time limit how long a script may run. ATTENTION: Regardless of the global value specified here, the Max_Execution_Time specified for your package applies. Higher values are therefore ignored by the web server. For example, to limit the execution time for scripts to 45 seconds, enter the following in your php.ini: max_execution_time = 45
This setting determines whether PHP error messages should be displayed on the screen or not. To display error messages, display_errors must be set to "on".
This setting is especially useful for development and debugging, but should be set to "off" in production environments for security reasons, as it can provide useful information to attackers. Since PHP 8.1, display_errors = Off is therefore the default setting for IONOS web hosting.
zlib.output_compression = off
Compress php files in gzip format
session.auto_start = off
Specifies whether the session module automatically starts a session at the beginning of a request. Default 0(disabled).
max_input_vars = 5000
This directive prevents the use of hashtable collisions for a denial of service attack. If more input variables are sent than allowed with this directive, an E_WARNING level error is thrown and more input variables are not accepted. This limit is calculated for multidimensional input arrays for each nesting level separately.
max_input_time = -1
Sets the maximum time in seconds that a script may consume to process input data (such as POST, GET, and file uploads). The time is measured when the data is received on the server until the script execution starts. Time in seconds (-1 = no limit)
You can find more help on this topic in the following articles: