Turn Off expose_php custom php.ini file setup, php handler

Home Forums BulletProof Security Pro Turn Off expose_php custom php.ini file setup, php handler

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
  • #194
    AITpro Admin

    Email Question:

    Do we need to have our hosting company turn “Off” the expose_php file and place the code:

    <IfModule mod_suphp.c>
     suPHP_ConfigPath /home/username <Files php.ini> order allow,deny deny from all </Files>

    into our .htaccess files? 

    I been going in circles with shopaserver techs who claims it’s disabled on all of their servers but when using Ultimate Security Checker plugin to check this I get “Your server shows too much information about installed software”. 

    Is this something you suggest I get done or am i wasting my time with this request.

    I have BPS Pro version.




    If you are unable to add a custom php.ini file for your website because your host does not allow this or you are using PHP5.3.x then yes you would have to get your web host to change this setting for you.

    The code you posted above is for adding a php handler for your website to look for a custom php.ini file in your website root folder, but first you need to find out if your web host allows this and also if your PHP version is PHP5.2.x or PHP5.3.x or higher.  Please ask your web host if they allow custom php.ini files or .user.ini files and post the answer you get from your Host here.  Also post your PHP version.  Thanks.


    Here is the answer I got:
    We allow custom php.ini.PHP 5.3.15
    No answer about the .user.ini file from them.

    AITpro Admin

    They did not give you much information to go on.  Ok try this and see if you get a better response.  Send this email below to your Host Support and hopefully they will give you full and complete answers to these questions.


    I would like to add a custom php.ini file for my website.  My PHP version is PHP 5.3.15 and I have read that PHP5.3.x now uses .user.ini files instead of php.ini files used in previous versions of PHP. ie PHP5.2.x.  Some Hosts have configured their Servers so that php.ini files can still be used with PHP5.3.x.  I would like to know these questions below and can you also send me some Help page links from the [add your Host’s name here] website regarding php.ini or .user.ini files.

    If php.ini files are still used on [add your Host’s name here] for PHP5.3.x:

    1. What folder would I put my custom php.ini file in?
    2. Would I be adding a single sitewide custom php.ini file or would I need to add multiple custom php.ini files per directory / folder?
    3. Do I need to add a php/php.ini handler code in my root .htaccess file?
    4. Will my new custom php.ini file contain ONLY the directives that I want to change the settings for or do I need to copy the entire Server Default php.ini file to the folder location that you specify above and then add my directive settings changes to that new custom php.ini file?

     Or since my PHP version is PHP 5.3.15 would I create a .user.ini file instead of a custom php.ini file and create the .user.ini file in my Document Root folder?

    Thank you

    AITpro Admin

    I just realized that shopaserver is in the AITpro Web Host’s List here >>> http://www.ait-pro.com/aitpro-blog/3576/bulletproof-security-pro/custom-php-ini-faq/#web-hosts-list

    shopaserver Shared Hosting does not allow you to create a custom php.ini file for your website.  You can only use the BPS Pro ini_set Options for this particular Host.  If you want expose_php turned off then your Host will have to do this for you since they do not allow you to do this.


    Response to your Questions:
    1.  In your home directory /home/yourcpanelusername name the file php.ini
    2.  It will work sitewide.
    3.  Yes you need to add the following line into your .htaccess:  suPHP_ConfigPath /home/username (username should be your cpanel username)
    4.  We recommend modification of an existing / default php.ini file to suit your needs.
    We do allow custom php.ini under fair usage policy.
    Link to shopaserver custom php.ini file help/setup:  www.shopaserver.com/portal/knowledgebase/5/Using-custom-php-ini.html

    AITpro Admin

    Ok it looks like they have changed their policies regarding allowing custom php.ini files for Shared Hosting.  There is still a chance that the information they have given you is not correct, but assuming it is correct then the custom php.ini setup steps that you would use are below.

    NOTE:  They have not given you complete information/complete answers to all the questions, but they have given you enough information to attempt to setup a custom php.ini file for your website.  Once again this information may not be correct or your Host may not fully understand that problems associated with PHP5.3.x (this issue has occurred with several different web hosts who were not aware of the issues with PHP5.3.x and php.ini files/.user.ini files – http://www.ait-pro.com/aitpro-blog/4349/misc-projects/wordpress-tips-tricks-fixes/php5-3-x-php5-4-x-user-ini-file-does-not-work-known-php5-3-x-user-ini-fastcgi-wordpress-zend-issue/) so be prepared to delete the custom php.ini file if you see BPS warning alerts in your WP Dashboard.

    Additional Note:  This statement they made on their php.ini help page is not completely technically accurate – “The php.ini file should reside in your root directory that is  /home/username”.  The technically correct statement should say – “The php.ini file should reside in your Hosting Account root directory that is  /home/username”.  You have a Document Root directory and a Hosting Account Root directory.  Both of these can be loosely referred to as Root directories, but it is always best to be technically accurate.

    Custom php.ini Setup Steps:
    1. You will need to add your php.ini handler code below for shopaserver to this BPS Root Custom Code text box: CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE.
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    # SHOPASERVER PHPINI CODEsuPHP_ConfigPath /home/username (username should be your cpanel username)

    NOTE:  AutoRestore needs to be turned Off while you are performing the custom php.ini setup steps and after you have completed the steps you will need to go to the AutoRestore page and click all 4 Backup Files buttons before turning ARQ back On.

    Php.ini Master File Maker1. Your Host Server php.ini Type is SA. Choose Stand Alone php.ini File – SA or SA/CT from the dropdown select box.2. You will be adding your Host Server Default php.ini file path. To get that path go to P-Security >>> PHP.ini Options page and click on the Diagnostic Checks/Recommendations Run Check button.  The path displayed for the Configuration File (php.ini) Path: /xxxx/xxxx/php.ini is the path you will be using for Add your Host Server Default php.ini File Path:  /xxxx/xxxx/php.ini.  If the php.ini file name is not included in the path then type it in.3. Copy and paste the Recommended: /home/cpanelusername/wp-content/bps-backup/logs/bps_php_error.log path that you see displayed to you into the Enter The Path To Your PHP Error Log File: text box.4. Click the Make Master php.ini File button. Your new Master php.ini file has now been created.

    Php.ini File Creator1. Select My Master php.ini file from the dropdown select box.2. Your custom php.ini file file path will be /home/username (username should be your cpanel username)/php.ini.

    PHP Error LogOnce you have created your custom php.ini file then go to the PHP Error Log Tab / page and you will just need to copy the Error Log Path Seen by Server: path displayed to you to the PHP Error Log Location Set To: text box and click the Set Error Log Location button.


    Wish me luck :O
    Appreciate  your help Ed and I’ll be sure to let you know if I was able to successfully do this LOL!

    AITpro Admin

    To be honest with you I give this about a 50/50 chance of being successful.  I have found in my experience that the smaller hosting outfits are not even aware of the problems associated with PHP5.3.x and php.ini or .user.ini files.  The Hosts think that their customers can successfully setup custom php.ini files or .user.ini files, but what ends up happening is your website runs very poorly because the Server is not configured correctly to handle custom php.ini or .user.ini files correctly.  So yep let me know the results.  Thanks.

Viewing 8 posts - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.