allow_url_fopen set to Off ?

postcd

Well-Known Member
Oct 22, 2010
721
20
68
Hello, PHPSecInfo script told be i should turn off "allow_url_fopen", is it safe to do it on WHM server which hosting Wordpress and Joomla?

i found this in phpini:
Code:
cat /usr/local/lib/php.ini | grep allow_url_fopen
disable_functions = "show_source, system, shell_exec, passthru, popen, proc_open, proc_close, allow_url_fopen, symlink, dl"
allow_url_fopen = On
the "allow_url_fopen = On" overrides "disable_functions" ?

thx
 

24x7ss

Well-Known Member
Sep 30, 2014
272
19
68
India
cPanel Access Level
Root Administrator
Twitter
It good idea to keep allow_url_fopen disabled. As you are hosting wordpress/Joomla sites then you can use curl function as an alternative of allow_url_fopen.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,903
2,237
463
Hello :)

I have moved this thread to our "Security" forum. You can find several discussions of this option in previous threads if you search for "allow_url_fopen".

Thank you.
 

abdelhost77

Well-Known Member
Apr 25, 2012
116
2
68
Morocco
cPanel Access Level
Root Administrator
You may use Curl instead of allow_url_fopen which better stays to "OFF"


function file_get_contents_curld($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}