System Info vs phpinfo differences

Home Forums BulletProof Security Free System Info vs phpinfo differences

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
  • #7388

    I have a mismatch between what the BPS SystemInfo page tells me and phpinfo for the same site.

    PHP Safe Mode: Off
    PHP Allow URL fopen: On
    PHP Allow URL Include: Off
    PHP Display Errors: On
    PHP Display Startup Errors: Off
    PHP Version 	5.4.16
    Directive	Local Value	Master Value
    allow_url_fopen	Off	Off
    display_errors	Off	Off
    display_startup_errors	Off	Off
    AITpro Admin

    Then that would most likely mean that your host uses per directory php.ini files.

    Example php.ini file in the Root folder of the website:

    The php.ini file in the Document Root folder is applying php configuration settings to only the Document Root folder and NOT recursively to all child/subfolders – /wp-admin, /wp-content and /wp-includes.

    Do this as a test.  Edit your wp-config.php file and add this ini_set code in your wp-config.php file.  See if these settings now show as “off” in System Info.

    /* That's all, stop editing! Happy blogging. */

    Your host may allow you to use php/php.ini handler .htaccess code that would apply php configuration settings recursively.  You need to check with them for their specific/unique php/php.ini handler htaccess code.

    This below is an example of the most common .htaccess php/php.ini handler that applies php configuration settings sitewide recursively for suPHP. You can try this, but it may crash your website. It is recommended that you check with your web host first to find out what your Server/Host does and does not allow, php/php.ini unique requirements and other host specific things for only your host.  php/php.ini is NOT one size fits all and has 1,000’s of different settings possibilities on the 1,000’s of web hosts Worldwide.  Check with your Host first.  😉

    suPHP_ConfigPath /home/xxxxx/public_html
    suPHP_ConfigPath /home/xxxxxx/public_html/php.ini

    Other additional info about PHP and php.ini files


    Yes, I can use per directory php.ini files. I did have a problem a few months ago when I mistakenly enabled a cpanel option that put php.ini files in all my sub-directories. That as a mess to clean up! I just went through most of them again and did find one that was hidden in a plugin folder (hotfix) which I had missed.

    My htaccess handler is

    AddHandler application/x-httpd-php54 .php .php5 .php4 .php3

    When I discussed this with my host in the past they said that php.ini files are recursive so I figure something must be overwriting those particular fields.

    I tried the ini_set commands and they did change the value displayed. Do those commands actually change the php setting or just the value that’s displayed by BPS? i.e. Do I still have a problem?

    When BPS descts those conditions in which directory would it be operating (i.e. in which folder should I start looking for another php.ini file)?

    I’ll have another read of your php article later (once I have had a coffee or two!).

    Thanks for your advice on this.

    AITpro Admin

    If the ini_set test did change values displayed in your /wp-admin folder then this means that you are now applying those php settings to your /wp-admin folder and what your host told you about php.ini files being recursive on your particular Server is not quite correct or they did not give you “all” the information that you would need to apply php/php.ini configuration changes sitewide.

    That is what the example php/php.ini handlers do that I posted above (apply php configuration settings sitewide), BUT your Host Server MUST have directives in the Server’s httpd.conf file that will recognize/follow/apply the php/php.ini handler code in an .htaccess file.  Like I said above this is NOT a one size fits all thing.  There are literally 1,000’s of different possible settings.  You need to contact your web host and get their specific and unique requirements for your Server.


    I made some further tests and for sub-directories the php.ini that is being used is indeed the default server one and not the one that I have defined in my domain root. This is a change in behavior from a few months ago. I have raised a ticket with my webhost.


    It seems as though I need a php.ini in every subdirectory! Thankfully there is tool in my cpanel  to do that, but what an overhead!

    Just one last question on this  – why do you recommend “mysql.allow_persistent = Off ”  ?

    AITpro Admin

    The mysql_pconnect() function might be used in a WordPress plugin on your site, but it is very unlikely. There are Pros and Cons to using this directive setting, but without explaining what those Pros and Cons are, we log hackers attempting to exploit the mysql_pconnect() function on a regular basis on the AITpro sites.  Basically this is one of those settings that can go either way, but the overall best setting taking into consideration all the pros and cons is mysql.allow_persistent = Off.

    Reference link

Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.