allow_url_fopen |
Pass
You are running PHP 5.2 or greater, which makes allow_url_fopen significantly safer. Make sure allow_url_include is disabled, though
Current Value: |
1 |
Recommended Value: |
1 |
|
allow_url_include |
Pass
allow_url_include is disabled, which is the recommended setting
Current Value: |
0 |
Recommended Value: |
0 |
|
display_errors |
Notice
display_errors is enabled. This is not recommended on "production" servers, as it could reveal sensitive information. You should consider disabling this feature
Current Value: |
1 |
Recommended Value: |
0 |
|
expose_php |
Notice
expose_php is enabled. This adds
the PHP "signature" to the web server header, including the PHP version number. This
could attract attackers looking for vulnerable versions of PHP
Current Value: |
1 |
Recommended Value: |
0 |
|
file_uploads |
Notice
file_uploads are enabled. If you do not require file upload capability, consider disabling them.
Current Value: |
1 |
Recommended Value: |
0 |
|
group_id |
Pass
PHP is executing as what is probably a non-privileged group
Current Value: |
100 |
Recommended Value: |
100 |
|
magic_quotes_gpc |
Pass
magic_quotes_gpc is disabled, which is the recommended setting
Current Value: |
0 |
Recommended Value: |
0 |
|
memory_limit |
Notice
memory_limit is set to a very high value. Are
you sure your apps require this much memory? If not, lower the limit, as certain attacks or poor
programming practices can lead to exhaustion of server resources. It is recommended that you set this
to a realistic value (8M for example) from which it can be expanded as required.
Current Value: |
536870912 |
Recommended Value: |
8388608 |
|
open_basedir |
Notice
open_basedir is disabled. When
this is enabled, only files that are in the
given directory/directories and their subdirectories can be read by PHP scripts.
You should consider turning this on. Keep in mind that other web applications not
written in PHP will not be restricted by this setting.
Current Value: |
0 |
Recommended Value: |
1 |
|
post_max_size |
Notice
post_max_size is not enabled, or is set to
a high value. Allowing a large value may open up your server to denial-of-service attacks
Current Value: |
136314880 |
Recommended Value: |
262144 |
|
register_globals |
Pass
register_globals is disabled, which is the recommended setting
Current Value: |
0 |
Recommended Value: |
0 |
|
upload_max_filesize |
Notice
upload_max_filesize is not enabled, or is set to a high value. Are you sure your apps require uploading files of this size? If not, lower the limit, as large file uploads can impact server performance
Current Value: |
134217728 |
Recommended Value: |
262144 |
|
upload_tmp_dir |
Notice
upload_tmp_dir is disabled, or is set to a
common world-writable directory. This typically allows other users on this server
to access temporary copies of files uploaded via your PHP scripts. You should set
upload_tmp_dir to a non-world-readable directory
Current Value: |
/tmp (0700) |
Recommended Value: |
A non-world readable/writable directory |
|
user_id |
Pass
PHP is executing as what is probably a non-privileged user
Current Value: |
256572 |
Recommended Value: |
100 |
|