System info – are settings in red bad

  • #22470
    James
    Participant

    Hi,

    Just upgraded the BPS plugin across a couple of sites and, looking at the System Info page, I was wondering what the significance of some of the information shown in red is? For example on one of my sites, the system info shows:

    PHP Allow URL fopen: On
    PHP Display Errors: On
    PHP Expose PHP: On
    PHP MySQL Allow Persistent Connections: On

    I am assuming the red means bad and green good, but I have been unable to find any info on the forums or in the help regarding these settings. The reason for my interest is that my server has been brought down by various attempted hack / DOS attacks recently, so I am keen to have any security risks covered up.

    Can you provide any guidance as to what are potentially risky settings shown in System Info, and what if anything we need to do about them? Perhaps in a future update you could change the system info to read something like:

    PHP Allow URL fopen: On (but that’s ok!)
    PHP Display Errors: On (would be better if this was off)
    PHP Expose PHP: On (security risk, do this….)
    PHP MySQL Allow Persistent Connections: On (see here for more info).

    As it stands, the red text seems to want to alert me to something, but I’m not sure what!
    Cheers guys, James 🙂

    #22494
    AITpro Admin
    Keymaster

    These are general PHP directive configuration checks so that you can see the current status/settings of these PHP directives.  Some of these directive settings can be changed by using the ini_set() function in your wp-config.php and other directive settings can only be set using a custom php.ini file.  To create a custom php.ini file for your website you will need to contact your web host support folks to ask them if your host allows creating custom php.ini files and what specific and unique requirements that they have for custom php.ini files.  php.ini files are not a one size fits all thing and there are literally 1,000’s of different unique requirements for the 350,000 web hosts worldwide.  We have intentionally decided to only display the current directive settings and not go into any detail explaining them because this is a very complex and time consuming thing to take on.  You can Google the directive settings to find out more about each one of them and what they do.  😉

    #22500
    James
    Participant

    Thanks, but I guess my real question is whether or not I should be concerned by settings that are shown in red? Does red mean that these settings are less preferable, insecure or in some other way bad?  I’m assuming that there is some reason that you chose to have certain settings shown in red to highlight them.

    Cheers, James

    #22502
    AITpro Admin
    Keymaster

    Yes.  Red font means these settings are less secure.  So if you want to change these settings and make them more secure then you would create a new custom php.ini file for your website (if your web host allows that) or edit an existing php.ini file (if one already exists) and change those settings.  Due to the fact that there are literally 1,000’s of different factors involved in creating a custom php.ini file and the 350,000 different web hosts worldwide have some basic standards, but will have different specific and unique requirements, then we only go as far as to make a recommendation and do not offer to go any further with assisting someone to create or edit a custom php.ini file.  This is something that you need to do on your own after asking your particular web host what they do and do not allow and/or following a web host help page for your particular web host that has full instructions about creating php.ini files for your particular web host.  This is not a “one size fits all” thing so the only correct way to go about doing this is starting with asking for help from your particular web host.

    #22504
    James
    Participant

    Many thanks, that’s what I needed to know!

    I have control over the php settings so I will do some investigations as to what the settings in red mean and whether they will have any other implications if turned off, then will experiment with changing the settings.

    Keep up the good work guys  🙂

    #22521
    James
    Participant

    Thanks. ‘PHP Display Errors’ and ‘PHP Display Startup Errors’ seemed like no-brainers to turn, but I will wait until I have more time to test for any other unexpected consequences before playing around with the other settings.
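
The check discussed in this thread, as an added example that is not part of the original posts and is not BulletProof Security code: it reads the current value of each directive and uses the access level PHP reports to tell whether `ini_set()` in wp-config.php can change it or only php.ini can. The mapping from System Info labels to php.ini directive names is an assumption, and the function names are hypothetical.

```php
<?php
// Added example: audit the directives named in the thread and show where each
// one can be changed. Written to run on PHP 5.6 and later.

// Assumption: these php.ini names correspond to the System Info labels.
$checks = array(
    'allow_url_fopen'        => 'PHP Allow URL fopen',
    'display_errors'         => 'PHP Display Errors',
    'display_startup_errors' => 'PHP Display Startup Errors',
    'expose_php'             => 'PHP Expose PHP',
    'mysql.allow_persistent' => 'PHP MySQL Allow Persistent Connections',
);

// php.ini booleans reach PHP as strings ("1", "", "On", "Off", ...);
// display_errors may also be "stderr", which still means enabled.
function is_enabled($value)
{
    $off = array('', '0', 'off', 'false', 'no', 'none');
    return !in_array(strtolower(trim((string) $value)), $off, true);
}

function audit_directives(array $checks)
{
    // name => array(global_value, local_value, access)
    $all  = ini_get_all(null, true);
    $rows = array();
    foreach ($checks as $name => $label) {
        if (!isset($all[$name])) {
            // e.g. the old mysql extension is absent on PHP 7+
            $rows[] = array($label, 'n/a', 'directive not registered');
            continue;
        }
        $on = is_enabled($all[$name]['local_value']);
        // INI_USER bit set: a script may change the value with ini_set().
        $where = ($all[$name]['access'] & INI_USER)
            ? 'ini_set() in wp-config.php, or php.ini'
            : 'php.ini / host configuration only';
        $rows[] = array($label, $on ? 'On' : 'Off', $on ? "change via $where" : '-');
    }
    return $rows;
}

foreach (audit_directives($checks) as $row) {
    list($label, $state, $note) = $row;
    printf("%-42s %-4s %s\n", $label . ':', $state, $note);
}
```

Load it through the web server rather than the command line, because the CLI and the web SAPI can read different php.ini files and report different values.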
