Checklist for Securing PHP Configuration | Ayman Hourieh's Blog

• allow_url_fopen = Off
• register_globals = Off
• open_basedir = /var/www/htdocs/files
• safe_mode = Off
• safe_mode_gid = On
• safe_mode_exec_dir = /var/www/binaries
• safe_mode_allowed_env_vars = PHP_
• max_execution_time = 30 ; Max script execution time
• max_input_time = 60 ; Max time spent parsing input
• memory_limit = 16M ; Max memory used by one script
• upload_max_filesize = 2M ; Max upload file size
• post_max_size = 8M ; Max post size
• display_errors = Off
• log_errors = On
• expose_php = Off

  在某些地方顯示執行 PHP 的資訊 (例：在 HTTP Header 裡加上一行 X-Powered-By: PHP/5.2.4 及 Server: Apache/2.0.59 (Win32) PHP/5.2.4 )。

• <FilesMatch "\.(inc|.*sql|.*~)$">
    Order allow,deny
    Deny from all
  </FilesMatch>