Knowledge Base: PHP/MySQL/Perl/Apache

Knowledge Base

Q: Protect/Secure your PHP.INI file

It is very important that you restrict the access to the php.ini file, as it can open the doors to hacking your website

There are 2 simple methods to protect your custom php.ini:

1. CHMOD all your php.ini files to 600 (only owner has read/write access, all other groups have no access).
You can do this using your FTP client, or via the file manager of your cPanel.

2. Using your .htaccess file, Add the following lines on to the .htaccess file:

<Files *.ini>
Order deny,allow
Deny from All
</Files>

Last update on: 2009-10-12 15:41:04