Custom php.ini File Setup PHP5.3.x and higher versions of PHP

[AITpro Admin]

This is a supplemental help Topic for the P-Security custom php.ini file setup steps that are contained in the Read Me help buttons on the P-Security >>> PHP.ini Options page.

Edit|Update:  10-21-2020

These days all PHP 7.x versions on all web hosts use .user.ini files instead of php.ini files. Also php handler htaccess code has been phased out and is typically not required on PHP 7.x versions.

How to add/create a .user.ini file:
1. You would first check your web host’s help information about creating a .user.ini file for you website/hosting account.
Note:  PHP 7.x versions now use .user.ini files instead of php.ini files. Also check to see if a .user.ini file already exists in your hosting account root folder (/public_html/, etc.).
2. When you are ready to create a new .user.ini file turn Off BPS Pro AutoRestore and then create your new .user.ini file.
3. You would then add the PHP configuration settings that you would like to use/add in your new .user.ini file after it has been created. Look at this BPS Pro file to get PHP configuration settings > /bulletproof-security/admin/php/bpspro-base-phpini.ini.
4. Choose the PHP configuration settings from the bpspro-base-phpini.ini file that you would like to use/add and copy them into your .user.ini file that you created for your website/hosting account. Important Note:  Do not use the allow_url_fopen PHP configuration directive or if you do use it set it to On not Off:  allow_url_fopen = On.  Using allow_url_fopen = Off will most likely cause problems for your website.
5. Go to the BPS Pro Setup Wizard page and run the Pre-Installation Wizard and Setup Wizard.

This is older help information below this point:

The P-Security custom php.ini setup steps cover all the possibilities of Stand Alone and Combined Total custom php.ini File Types, but do not cover php/php.ini htaccess handlers. Php/php.ini htaccess handlers are web host specific. There are some general php/php.ini handlers you can experiment with (trial and error), but using an invalid / incorrect handler could crash your website. Be prepared to use FTP or your web host control panel file manager to delete your root .htaccess file if you plan on experimentally testing php/php.ini handlers. It is of course recommended that you get the specific and unique php/php.ini handler .htaccess code from your web host’s help pages or by contacting your web host support folks.

NOTE:  Your web host may NOT require that you use a php.ini handler.  More and more web host’s are not using php.ini handler root htaccess code and are instead automatically handling this in the Server config files.  ie you would just create your custom php.ini file and it will be automatically seen/recognized by your Server and loaded without having to add custom php.ini handler htaccess code in your root htaccess file.

Custom php.ini handlers go in your root .htaccess file (if your web host requires that you use a php.ini handler) and can be added to BPS Custom Code to save that php.ini handler code permanently.

If you already know what the correct php.ini htaccess handler is for your specific web host…

1. You would add that php.ini htaccess code in this BPS Custom Code text box: CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

If you do NOT already know what the correct php.ini htaccess handler is for your specific web host and you are experimenting with trial and error…

1. Turn Off AutoRestore.
2. Use FTP or your web host control panel file manager and manually add test php.ini handler .htaccess code at the top of your root .htaccess file. If your website crashes then remove that php.ini handler htaccess code from your root .htaccess file. You would try each of the php.ini handlers below to see if either of them work on your particular server/website/host.
3. If you find a php.ini handler that works then do the Custom Code steps above to save your php.ini handler htaccess code permanently.

General Example: 2 of the most common custom php.ini htaccess handlers:

SetEnv PHPRC /home/useraccount/public_html/php.ini

suPHP_ConfigPath /home/useraccount/public_html/php.ini

[Bob]

[Topic has been moved to this relevant Topic]

Hi,

I have:
A PHP/php.ini Handler was Not found in your Root .htaccess file error message in the P-Security section after clicking on the ‘Diagnostic Checks/Recommendations’ button on BPS Pro. Below this I also get:

Configuration File (php.ini) Path: /usr/local/lib
Loaded Configuration File: /usr/local/lib/php.ini

php.ini, php5.ini & .user.ini File Search Results: (Displays the file paths below if files were found)

disable_functions: The ini_set function is Not Disabled

wp-config.php File: The wp-config.php file was found in the website root folder.

Error Log Path Seen by Server: /home/affilite/public_html/robertgee.me/wp-content/bps-backup/logs/bps_php_error.log
PHP Error Log Location Set To: /home/affilite/public_html/robertgee.me/wp-content/bps-backup/logs/bps_php_error.log
ini_set PHP Error Log Location Set To: /home/affilite/public_html/robertgee.me/wp-content/bps-backup/logs/bps_php_error.log

There are further details but I don’t want to post these on the forum! Can you explain what all this implies and if I need a php.ini Handler how do I do that and where do I put it?

Thanks in anticipation,
Robert

[AITpro Admin]

The php/php.ini handler check is not an error message and is a diagnostic check result that will display either a php/php.ini handler if you are using a php/php.ini handler or a php/php.ini handler not found result if you are not using a php/php.ini handler.

Are you trying to setup a custom php.ini file or were you just running the Diagnostic check just to run it?

[Bob]

The php.ini Security Status list shows about 5 red listings – one of which is the “suhosin.executor.func.blacklist” and several other items are ON when they are recommended to be off.

I suspected therefore that it would be a good idea to set up a custom php.ini file. But I bow to your superior knowledge, of course. Please advise.

[AITpro Admin]

Custom php.ini file creation is very simple ONCE you have all the unique and specific information about what is required for creating a custom php.ini file on your particular web host.  Custom php.ini file creation is NOT a one-size fits all thing so I don’t recommend trying to “wing it”.  Start out your custom php.ini journey/mission by clicking on the P-Security >>> PHP.ini Overview Read Me help button.  The Read Me help text contains help info for you to get started and also contains a pre-made letter that you can copy and paste and send to your web host IF you cannot find the unique and specific custom php.ini file requirements for your specific web host on your web host’s help pages.

[Tina Dubinsky]

[Topic has been merged into this relevant Topic]

I’ve just changed hosts this week and BPS Pro is 99.9% operational.  I have a small issue which may not be an issue at all, but I’m curious to get your feedback.  My new host requires me to create a .user.ini file (for the main domain and sub-domains) and a single custom php.ini  that sits under the public_html folder. (I sent them the four questions you suggested for custom php / user files.)  All the custom ini files are set up and I have added a php handler to the .htaccess file using your custom code instructions. I was advised that I only needed to include the PHP 5.4 handler.  The .user.ini files are being picked up and I can see the changes under the Php.ini Security Status tab.  The changes in the custom php.ini file (recursive) are not showing up in the PHP.Ini Security Status tab.  These three items are still showing in red for all installations including the main one.  My host set up a info.php file under my public_html folder which shows the server is receiving the custom php.ini information and the changes from the custom php.ini file seem to be working from their point of view. I’m just curious as to why it would still (many hours later) not be updating the information under the Php.ini Security Status tab. Have I or my host missed a step?  Do I need to add something else to the custom code even though they assured me their server is picking up the settings from my custom php.ini?  Should I just ignore the red in the PHP.ini Security Status tab as it’s working fine?

Thanks for your help,

-Tina

[AITpro Admin]

BPS Pro has a PHP Info Viewer in P-Security that uses the PHP phpinfo() function to view your Server’s PHP configuration information for each website.

My new host requires me to create a .user.ini file (for the main domain and sub-domains) and a single custom php.ini that sits under the public_html folder.

A .user.ini file is the same thing as a php.ini file.  .user.ini files are a newer method created by the PHP folks in newer PHP Server versions to add or change your PHP Server configuration settings so the statement above seems unusual for a couple of reasons.  Why would you use both a .user.ini file and a php.ini file?  It seems like you would just need to add your PHP settings in your .user.ini files instead of in the php.ini file above the /public_html/ folder.  Since you said settings that you added in the .user.ini files are being seen/recognized then the obvious thing to try would be to add your directive settings in your .user.ini files instead of the php.ini file.

It is possible depending on how a server is configured or the server type that php.ini settings will not be applied until these things happen:  on a Dedicated server you would need to reboot the server in order to have the php.ini settings applied to the server and have them be seen/recognized by the server.  On GoDaddy Shared hosting you can either wait several minutes for the server to automatically “refresh” System Processes or you can manually kill System Processes in order to “refresh” the new php.ini settings.

[Tina Dubinsky]

I originally had everything set up in the .user.ini file (as per their original instructions) and when I noticed three out of five settings were still red, I went back to them to confirm these settings couldn’t be changed.  That’s when they informed me that these particular settings still in red would need to be changed using a custom php.ini file.  I did try adding everything to the php.ini file but when I did that, the settings which had worked showed up as red in the Php.ini Security Status tab, so I moved them back to the user file.  I’ll try to email you the separate php info viewer file they have provided me to show me that from their point of view, the custom php.ini file is working.  The items which still show in red on the Php.ini Security Status tab are: disable_functions The recommended PHP functions are not disabled; allow_url_fopen On; mysql.allow_persistent On .  I am using a shared server with Site5 and its been over 12 hours since I set up both ini files.

[AITpro Admin]

Oh ok I know what is going on now.  I checked the link you sent to me and see that your PHP server configuration settings are being applied to the /public_html/ folder ONLY.

Your host server is using a per directory (non-recursive) php.ini server configuration by default vs a sitewide (recursive) php.ini server configuration by default, which means that whichever actual folder the php.ini file is in will have those php.ini settings.  Folders above (child folders) the /public_html/ folder (parent folder) such as /public_html/some-other-folder/another-folder/ will NOT have those php.ini settings applied from the /public_html/php.ini file.

Ask your host if they have php/php.ini htaccess handler code to apply php.ini settings sitewide.  The php/php.ini handler htaccess code would look something like these 2 example handlers below (note: you need to check with your host to get their unique/specific handler code – php/php.ini handler htaccess code is NOT a one size fits all thing):

General Example: 2 of the most common custom php.ini htaccess handlers:

SetEnv PHPRC /home/useraccount/public_html/php.ini
suPHP_ConfigPath /home/useraccount/public_html/php.ini

[Tina Dubinsky]

All sorted, thanks for your advice. Back to my original configuration with a single custom php.ini outside the public_html webspace, no more .user.ini files and a custom php.ini htaccess handler added only the parent folder .htaccess folder using the BPS Pro Custom Code fields.

[AW]

[Topic has been merged into this relevant Topic]
A short briefing about my site. It was down due to some malware( which i may be infected by other domains). Now all things are up ( Import SQL into database, Import WP-Content(backup) ) . [ I am using USER Pro Social login and some of its plugin as well ] First thing i do, is install Bulletproof. Done with the settings, the i encounter php.ini error message.

PHP Version: 5.4.45
PHP|php.ini Handler: A PHP|php.ini Handler was Not found in your Root .htaccess file.

Configuration File (php.ini) Path: Click the View PHPINFO button on the PHP Info Viewer page to get this path.
Loaded Configuration File: /opt/php54/lib/php.ini

php.ini, php5.ini & .user.ini File Search Results: (Displays the file paths below if files were found)

disable_functions: The ini_set function is Not Disabled

wp-config.php File: The wp-config.php file was found in the website root folder.

Error Log Path Seen by Server: /home4/alexwong/public_html/gohorize.com/wp-content/bps-backup/logs/bps_php_error.log
PHP Error Log Location Set To: /home4/alexwong/public_html/gohorize.com/wp-content/bps-backup/logs/bps_php_error.log
ini_set PHP Error Log Location Set To: /home4/alexwong/public_html/gohorize.com/wp-content/bps-backup/logs/bps_php_error.log

Website Root Folder: http://gohorize.com
WP ABSPATH: /home4/alexwong/public_html/gohorize.com/
Host by Address: 192.185.60.72
DNS Name Server: ns8365.hostgator.com

Server Type: Apache
Operating System: Linux
Server API: cgi-fcgi CGI Host Server Type

Zend Engine Version: 2.4.0
Zend Guard Loader: Zend Guard Loader Extension is Loaded
FastCGI: Unable to detect whether FastCGI is in use. Check your web host control panel to see if FastCGI is in use.
-------------------------------------------------------------
Shared Hosting Recommendations: 
For first time installations of BPS Pro it is recommended that you use the ini_set Options to quickly setup your PHP Error Log file and location. If you would like to create a custom php.ini file for your website see this Forum Topic: Custom php.ini File Setup
-------------------------------------------------------------
VPS or Dedicated Hosting Recommendations: 
For first time installations of BPS Pro it is recommended that you use the ini_set Options to quickly setup your PHP Error Log file and location. You can then create a custom php.ini file, which you can upload to replace the Servers php.ini file for your website at a later time if you would like. You can create/use either a custom php.ini file or the ini_set Options method or both at the same time. If you have created a custom php.ini file and you also use ini_set Options then your ini_set Options settings will take precedence over your custom php.ini file settings.

If a custom php.ini file was found in the php.ini, php5.ini & .user.ini File Search Results: then delete that file. For VPS or Dedicated Hosting you have full access to that Servers php.ini file (Loaded Configuration File:), and you will be uploading your custom php.ini file and replacing the Servers php.ini file with your custom php.ini file instead of creating the custom php.ini file under your website folders. Click HERE for the custom php.ini setup steps for VPS and Dedicated hosting

So for the first case about php.ini, what should i do ?
Looking forward for your reply.
Regards,
Alex

[AITpro Admin]

@ AW – The P-Security Diagnostic Checks tool is not displaying errors and is instead displaying diagnostic checks/information about your server php configuration and php.ini file information if you decide to setup a custom php.ini file.  If you would like to create a custom php.ini file for your website then you would use this Diagnostic Checks tool information to setup a custom php.ini file for your website/server.  Click the P-Security > PHP.ini Options > PHP.ini Overview Read Me button for help information on creating a custom php.ini file.

[AW]

Thanks for replying. I read the advice in the forum link, and i read the php read me as well. Due to limited knowledge on php, could you please guide me in a much more simple way for dummy like me…hehe. I had few website using the same shared hosting, all of them are running on BPS and has no issue on the php.ini thingy. Looking forward for your guide. Thanks.
Regards,
AW

[AITpro Admin]

Custom php.ini setup is completely different and unique on each web host so you need to contact your web host to get the specific and unique custom php.ini setup steps and information from your particular web host.

The First Step to Creating a custom php.ini File
The first step to creating a custom php.ini file for your website is to get the specific and unique information and requirements for creating a custom php.ini file on your particular web host. You can either get that custom php.ini information from your web host’s help pages or by sending your web host the email questions below or you can try “winging it” (trial and error experimentation) – see theWinging It Trial and Error Experimentation help section.

If you have found custom php.ini file help information on your web host’s help pages or have received an email reply back from your web host about creating a custom php.ini file then click on the Php.ini Master File Maker Read Me help button to continue the custom php.ini file setup steps.

Email Questions to Send to Your Web Host to Get custom php.ini File Setup Information
I would like to add a custom php.ini file for my website and have these questions:

1. Can I copy the Server’s php.ini file to my Hosting Account folder and make changes/edit the php.ini directive settings or do I need to create a new custom php.ini file with ONLY the php.ini directive settings that I want to change in that new custom php.ini file?
2. Which website folder would I add my custom php.ini file in? Would I add it in the Document Root/Hosting Account root folder for my website?
3. Can I add a single sitewide custom php.ini file for my entire Hosting Account or would I need to create multiple custom php.ini files per directory/folder under my Hosting Account folders?
4. Do I need to add php/php.ini handler .htaccess code in my root .htaccess file? Example: suPHP_ConfigPath /home/xxxxxx/public_html/php.ini or will the Server see and load my custom php.ini file without adding php/php.ini handler .htaccess code in my root .htaccess file?

Additional Help Info and examples can be found in the Custom php.ini Forum Help Link link (see Forum Help Links at the top of this Read Me help window).

[AW]

Hi BPS,
Thanks, your response is awesome. I just emailed to my host, the sad part is that my host is soooo slow in responding. So as if i would like to try and work it out, i shall refer to the topic “Winging It Trial and Error Experimentation help section”? I bet it shouldn’t be difficult to get it fix, anyhow will retry again, if there’s any other guide that you could advice me, please and welcome. Thanks.
Regards,
AW

[Author]

Posts