A secure and optimized PHP environment is crucial for performance, stability, and protection in shared hosting. This guide provides a structured reference for hardening and tuning PHP on CloudLinux 9.5 with cPanel , leveraging PHP Selector and CageFS .
π File Path
Global PHP settings and hardening configurations can be controlled via:
/etc/cl.selector/php.confβοΈ Important Commands
Run these after modifying PHP settings to ensure changes are propagated:
cagefsctl --rebuild-alt-php-ini
cagefsctl --force-update
cagefsctl -Mπ Security-Related Directives
Directive Default Recommended Notes allow_url_fopenOff β
Off Prevents remote file inclusion. allow_url_includeOff β
Off Major security risk if enabled. register_globalsOff β
Off Deprecatedβensure it’s off. magic_quotes_gpcOn β Off Deprecated since PHP 5.4. safe_modeOff β
Off Removed as of PHP 5.4βkeep disabled. expose_phpOff β
Off Hides PHP version in HTTP headers. open_basedirβ β
Set path Restrict file access per domain/account.
π Performance & Error Handling
Directive Default Recommended Notes display_errorsOn β Off in production Prevents error output leakage to users. error_reportingE_ALL & ~E_NOTICE β
Avoid notices, log warnings & criticals. log_errorsOff β
On Always log errors instead of showing. output_bufferingOn β
On Enhances performance, especially for CMS. zlib.output_compressionOff β
On (optional) Compress output; monitor compatibility.
π¬ Uploads & Mail
Directive Default Recommended Notes file_uploadsOn β
On Required by most PHP applications. upload_max_filesize1G β
As needed Set per-app; don’t set too high unnecessarily. post_max_size1G > upload size Must exceed upload_max_filesize. memory_limit256M 512Mβ1G Depends on workload: WordPress, Magento, etc. mail.force_extra_parametersβ Optional Use for customized sendmail paths or envelopes.
π Timezone & Sessions
Directive Default Recommended Notes date.timezoneEurope/London Match region Use regional zone (e.g., Europe/London) for consistency. session.save_path/tmp Set per account Use CageFS paths for isolation and security.
π οΈ Path & Compatibility Settings
Directive Default Recommended Notes include_path.;/path/to/php/pear Customize Required for PEAR or PHP Composer environments. short_open_tagOn β Off (if possible) Encouraged to use full <?php tag in modern code. mysql.allow_persistentOn β οΈ With care Monitor memory and performance with persistent connections.
π§Ό Clean-Up Notes
Remove or ignore deprecated settings if running PHP 5.4 or higher.
Ensure your configuration supports all enabled applications.
Always test on a staging environment before production deployment.
β
Final Recommendations
Use WHM β MultiPHP INI Editor or CloudLinux PHP Selector for per-version/per-user PHP settings.
After making changes: cagefsctl --rebuild-alt-php-ini cagefsctl --force-update cagefsctl -M
Audit PHP runtime behavior and module usage with: php -i php -m php -v
