Securing PHP

To secure PHP and prevent an attacker from executing malicious code you can include the following lines into your php.ini:

disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

;disable_functions =

If you need these functions for any reasons you can just comment the first line and uncomment the 2nd, and to restrict it back again you do the opposite

You can also add/modify the following to hide the information that you're using php

expose_php = off