allow_url_fopen set to Off ?

postcd

• November 25, 2014 11:45

Hello, PHPSecInfo script told be i should turn off "allow_url_fopen", is it safe to do it on WHM server which hosting Wordpress and Joomla? i found this in phpini:
cat /usr/local/lib/php.ini | grep allow_url_fopen disable_functions = "show_source, system, shell_exec, passthru, popen, proc_open, proc_close, allow_url_fopen, symlink, dl" allow_url_fopen = On
the "allow_url_fopen = On" overrides "disable_functions" ? thx

• 

  24x7ss

  • November 25, 2014 17:29

  It good idea to keep allow_url_fopen disabled. As you are hosting wordpress/Joomla sites then you can use curl function as an alternative of allow_url_fopen.

  0
• 

  cPanelMichael

  • November 26, 2014 12:54

  Hello :) I have moved this thread to our "Security" forum. You can find several discussions of this option in previous threads if you search for "allow_url_fopen". Thank you.

  0
• 

  abdelhost77

  • November 26, 2014 15:07

  You may use Curl instead of allow_url_fopen which better stays to "OFF" function file_get_contents_curld($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_URL, $url); $data = curl_exec($ch); curl_close($ch); return $data; }

  0

Please sign in to leave a comment.