How to disable phpinfo(); in a shared environment/hosting?

The phpinfo() function in PHP has a lot of uses. Before disabling it, you should learn the basics of it. Here is a link that explains how to create a phpinfo page: phpinfo()

What is the phpinfo() function?

The phpinfo() function displays the current state of PHP, including PHP extensions and compilation options, version, server information and environment (if compiled as a module), the PHP environment, paths, master and local values of configuration options, HTTP headers, and the PHP License.

You can get the PHP information not only from the browser but also from the server command line. For that, you just need to execute the phpinfo file, like this:

php phpinfo.php

How to disable phpinfo()?

This post was published on Oct, 2018. Verified with new versions and updated. In case of any issues, please comment. Our team will reply or update the post as soon as possible.

There is an option called disable_functions in the PHP configuration file (php.ini) on the server that disables PHP functions. Here are the steps to use it.

Step I: SSH to the server
Step II: Edit the php.ini file

disable_functions =  phpinfo

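Or, in .htaccess, add the following line. The PHP manual lists disable_functions as a php.ini-only directive, so check that the function is actually disabled afterwards.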

php_value disable_functions phpinfo

Other PHP functions commonly disabled in shared environments.

#show_source()

The show_source() function outputs a file with the PHP syntax highlighted. The syntax is highlighted by using HTML tags. The colors used for highlighting can be set in the php.ini file or with the ini_set() function. This function returns TRUE on success, or FALSE on failure. show_source() is an alias of highlight_file().

#system

Execute an external program and display the output

#shell_exec

Execute command via shell and return the complete output as a string

#passthru

Execute an external program and display raw output

#exec

Execute an external program

#popen

Opens process file pointer

#proc_open

Execute a command and open file pointers for input/output

#allow_url_fopen

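allow_url_fopen is a php.ini directive rather than a function. If enabled, allow_url_fopen allows PHP’s file functions to retrieve data from remote locations such as an FTP server or web site, and could lead to code injection vulnerabilities.

E.g., in php.ini:

disable_functions = "show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open"
; allow_url_fopen is a directive, not a function, so it is switched off on its own line
allow_url_fopen = Off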
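
One way to check the result, as an added example rather than code from the original post: this PHP script reads the disable_functions value PHP actually loaded and reports wanted functions that are missing, entries that are php.ini directives rather than functions (such as allow_url_fopen), and aliases left callable (such as highlight_file for show_source). The $wanted and $aliases lists are assumptions built from the functions named on this page.

```php
<?php
// Added example: audit the disable_functions value PHP actually loaded.
// $wanted and $aliases are assumptions taken from the functions this page lists.

function audit_disable_functions(string $iniValue, array $wanted, array $aliases): array
{
    // The directive is a comma-separated list; normalise case and whitespace.
    $disabled = array_values(array_filter(
        array_map('trim', explode(',', strtolower($iniValue))),
        fn ($name) => $name !== ''
    ));
    $report = ['missing' => [], 'not_a_function' => [], 'alias_still_enabled' => []];

    foreach ($wanted as $fn) {
        if (!in_array($fn, $disabled, true)) {
            $report['missing'][] = $fn;
        }
    }
    foreach ($disabled as $entry) {
        // ini_get() returns false only for unknown settings, so any other
        // result means the entry names a php.ini directive, not a function.
        if (ini_get($entry) !== false) {
            $report['not_a_function'][] = $entry;
        }
        // Disabling one name leaves its alias callable unless that is listed too.
        if (isset($aliases[$entry]) && !in_array($aliases[$entry], $disabled, true)) {
            $report['alias_still_enabled'][] = $aliases[$entry];
        }
    }
    return $report;
}

$wanted  = ['phpinfo', 'show_source', 'system', 'shell_exec', 'passthru', 'exec', 'popen', 'proc_open'];
$aliases = ['show_source' => 'highlight_file', 'highlight_file' => 'show_source'];

$report = audit_disable_functions((string) ini_get('disable_functions'), $wanted, $aliases);

echo 'Loaded php.ini: ', php_ini_loaded_file() ?: '(none)', PHP_EOL;
foreach ($report as $finding => $names) {
    echo str_pad($finding, 20), ': ', $names ? implode(', ', $names) : '-', PHP_EOL;
}
// A non-zero exit status lets a cron job or deployment check alert on gaps.
exit(array_filter($report) ? 1 : 0);
```

Run it through the same SAPI that serves the site, since the command-line PHP can load a different php.ini from the web server's.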

Thank you!

Arunlal A
