Which PHP Settings Can I Change?

Learn the most important php.ini directives, which allow you to alter certain PHP settings to accommodate the requirements of your website.

Security Settings

allow_url_fopen = On

Determines whether file access to external URLs is allowed. Disabling it increases security because it makes it more difficult for attackers to load additional malware from external servers.

display_errors = Off

Although displaying errors is useful for debugging, it also reveals internal information to attackers. It is therefore recommended to switch it off.


disable_functions

Specifies a comma-separated list of functions to turn off. These are usually not used by PHP software, but by attackers.
Example: disable_functions = exec,system,passthru,shell_exec,popen,escapeshellcmd,proc_open,proc_nice,ini_restore

safe_mode = On

Enables safe mode. In safe mode, further checks take place during file operations and access to environment variables is restricted. Safe mode was deprecated in PHP 5.3 and removed in PHP 5.4, so this directive is only relevant for older PHP versions.

Script Limit Settings

Hint: The limit values for the working memory (RAM) are given below in the php.ini-typical notation. For example, a value of 256M limits the available memory to 256 megabytes (MB).

memory_limit = 256M

Specifies the maximum amount of memory (RAM) a script may use. ATTENTION: Regardless of the global value specified here, the memory limit specified for your package applies. Higher values are therefore ignored by the web server. For example, to set the memory_limit to 512 MB, the following must be entered in php.ini: memory_limit = 512M

post_max_size = 64M

Determines the maximum amount of data that can be transferred via the POST method. If you want to upload large files using a form, the value should be greater than upload_max_filesize. For example, to set post_max_size to 128 MB, enter the following in php.ini: post_max_size = 128M
Hint: The actual size may vary, for example if the maximum script runtime is exceeded. Furthermore, the memory_limit must be greater than post_max_size.

upload_max_filesize = 64M

Determines the size of files that can be uploaded using a form. For example, to upload files up to 128 MB in size, enter the following in php.ini: upload_max_filesize = 128M

max_execution_time = 60

Time limit, in seconds, on how long a script can run. ATTENTION: Regardless of the global value specified here, the max_execution_time specified for your package applies. Higher values are therefore ignored by the web server. For example, to limit the execution time for scripts to 45 seconds, enter the following in your php.ini: max_execution_time = 45
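
The security settings and the size relationships described above (post_max_size greater than upload_max_filesize, memory_limit greater than post_max_size) can be checked automatically. The following script is an added example, not part of the original page; the function names, finding messages and the sample php.ini values are constructed for illustration. Directives missing from the input are assumed to fall back to PHP's built-in defaults.

```php
<?php
// Added example, not from the original page; sample values are constructed.
const RECOMMENDED_DISABLED = ['exec', 'system', 'passthru', 'shell_exec', 'popen',
    'escapeshellcmd', 'proc_open', 'proc_nice', 'ini_restore']; // list from this page
const DEFAULTS = ['allow_url_fopen' => '1', 'display_errors' => '1', 'disable_functions' => '',
    'memory_limit' => '128M', 'post_max_size' => '8M', 'upload_max_filesize' => '2M']; // PHP built-in defaults

// Convert php.ini shorthand (K, M, G suffix) to bytes; -1 (no limit) becomes PHP_INT_MAX.
function ini_bytes(string $value): int
{
    if (!preg_match('/^(-?\d+)([KMG]?)$/i', trim($value), $m)) {
        throw new InvalidArgumentException("Unparseable size: $value");
    }
    $bytes = (int) $m[1] << ['' => 0, 'K' => 10, 'M' => 20, 'G' => 30][strtoupper($m[2])];
    return $bytes < 0 ? PHP_INT_MAX : $bytes;
}

// Return findings for php.ini text. INI_SCANNER_RAW keeps "On" and "256M" as written.
function audit_php_ini(string $iniText): array
{
    $parsed = parse_ini_string($iniText, false, INI_SCANNER_RAW);
    if ($parsed === false) {
        throw new InvalidArgumentException('Input is not valid INI syntax');
    }
    $ini = $parsed + DEFAULTS;
    $findings = [];
    foreach (['allow_url_fopen', 'display_errors'] as $key) {
        if (in_array(strtolower(trim($ini[$key])), ['1', 'on', 'yes', 'true'], true)) {
            $findings[] = "$key is enabled; this page treats Off as the safer value";
        }
    }
    $configured = array_map('trim', explode(',', $ini['disable_functions']));
    if ($missing = array_diff(RECOMMENDED_DISABLED, $configured)) {
        $findings[] = 'disable_functions lacks: ' . implode(',', $missing);
    }
    [$upload, $post, $memory] = array_map('ini_bytes',
        [$ini['upload_max_filesize'], $ini['post_max_size'], $ini['memory_limit']]);
    if ($post <= $upload) {
        $findings[] = 'post_max_size should be greater than upload_max_filesize';
    }
    if ($memory <= $post) {
        $findings[] = 'memory_limit must be greater than post_max_size';
    }
    return $findings;
}

$sample = "allow_url_fopen = On\ndisplay_errors = Off\ndisable_functions = exec,system, passthru\n"
    . "memory_limit = 256M\npost_max_size = 128M\nupload_max_filesize = 256M\n";
echo implode("\n", audit_php_ini($sample)), "\n";
```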

Other Settings

zlib.output_compression = off

Specifies whether PHP output is compressed in gzip format before it is sent to the browser.

session.auto_start = off

Specifies whether the session module automatically starts a session at the beginning of a request. Default: 0 (disabled).

max_input_vars = 5000

This directive mitigates denial-of-service attacks that exploit hash table collisions. If more input variables are sent than this directive allows, an error of level E_WARNING is raised and further input variables are not accepted. The limit is applied separately to each nesting level of a multidimensional input array.

max_input_time = -1

Specifies the maximum time in seconds a script may take to process input data (such as POST, GET, and file uploads). The time is measured from the moment the data is received on the server until script execution starts. A value of -1 means no limit.