This is an overview of the recommended directives for your application. The most important directives have been collected here, for a quick review. The whole list of directive is available as a link to the manual, when applicable. When an extension is missing from the list below, either it as no specific configuration directive, or it is not used by the current code.
| Directive | Suggestion | Description |
|---|---|---|
| date | ||
| date.timezone | Europe/Amsterdam | It is not safe to rely on the system's timezone settings. Make sure the directive date.timezone is set in php.ini. |
| intl | ||
| intl.default_locale | The locale that will be used in intl functions when none is specified (either by omitting the corresponding argument or by passing NULL). These are ICU locales, not system locales. | |
| intl.error_level | E_WARNING | The level of the error messages generated when an error occurs in ICU functions. This is a PHP error level, such as E_WARNING. It can be set to 0 in order to inhibit the messages. This does not affect the return values indicating error or the values returned by intl_get_error_code() or by the class specific methods for retrieving error codes and messages. Choosing E_ERROR will terminate the script whenever an error condition is found on intl classes. |
| intl.use_exceptions | false | If set to true, an exception will be raised whenever an error occurs in an intl function. The exception will be of type IntlException. This is possibly in addition to the error message generated due to intl.error_level. |
| Extra configurations | Intl runtime configuration | |
| standard | ||
| memory_limit | 120 | This sets the maximum amount of memory in bytes that a script is allowed to allocate. This helps prevent poorly written scripts for eating up all available memory on a server. It is recommended to set this as low as possible and avoid removing the limit. |
| max_execution_time | 90 | This sets the maximum amount of time, in seconds, that a script is allowed to run. The lower the value, the better for the server, but also, the better has the script to be written. Avoid really large values that are only useful for admin, and set them per directory. |
| expose_php | Off | Exposes to the world that PHP is installed on the server. For security reasons, it is better to keep this hidden. |
| display_errors | Off | This determines whether errors should be printed to the screen as part of the output or if they should be hidden from the user. |
| error_reporting | E_ALL | Set the error reporting level. Always set this high, so as to have the errors reported, and logged. |
| log_errors | On | Always log errors for future use |
| error_log | Name of a writable file, suitable for logging. | Name of the file where script errors should be logged. |
| Extra configurations | Standard runtime configuration | |
| Enable DL | ||
| enable_dl | Off | Whether or not to enable the dl() function. The dl() function does NOT work properly in multithreaded servers, such as IIS or Zeus, and is automatically disabled on them. |
| Disable features | ||
| disable_functions | exec, passthru, shell_exec, system, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, popen, pclose, curl_exec, curl_multi_exec, show_source, symlink, fsockopen, pfsockopen, socket_connect, socket_create_listen, socket_create_pair, socket_create, symlink, mail, apache_child_terminate, apache_get_modules, apache_get_version, apache_getenv, apache_note, apache_setenv, pcntl_alarm, pcntl_errno, pcntl_exec, pcntl_fork, pcntl_get_last_error, pcntl_getpriority, pcntl_setpriority, pcntl_signal_dispatch, pcntl_signal, pcntl_sigprocmask, pcntl_sigtimedwait, pcntl_sigwaitinfo, pcntl_strerror, pcntl_wait, pcntl_waitpid, pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled, pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, dl, leak, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid | This directive allows you to disable certain functions for security reasons. It takes on a comma-delimited list of function names. disable_functions is not affected by Safe Mode. ; 1 sensitive functions were found in the code. Don't disable those : |
| disable_classes | phar | This directive allows you to disable certain classes for security reasons. It takes on a comma-delimited list of class names. disable_classes is not affected by Safe Mode. This directive must be set in php.ini. ; 1 sensitive classes were found in the code. Don't disable those : |