How to harden PHP 7 and earlier versions using cPanel

PHP is the most widely used backend for most applications. Recently PHP 8.0 was launched with many new features. However, if your application is still on PHP 7.0 or an earlier version, there are a few steps you can take  to help harden your PHP to achieve better security. This article shows you steps to configure PHP settings to decrease security issues with PHP 7 and below.

Checking the PHP version 

To check the PHP version, follow these steps:

1. Log in to cPanel.If you do not know how to log in to your cPanel account, please see this article.
2. Open the PHP Selector:
   • If you are using the Jupiter theme, on the Tools page, in the Software section, click Select PHP Version:
   • If you are using the Paper Lantern theme, in the SOFTWARE section of the cPanel home page, click Select PHP Version:
     
   If you do not see the Select PHP Version icon, your server does not support this feature. 
3. cPanel displays the current PHP version. Hostvento Hosting supports several PHP versions, starting at 4.4 to 8.0:To change the PHP version, in the Current PHP Version list box, select the version that you want to use. The new PHP version takes effect immediately. 

Configuring PHP settings to harden PHP

To help harden PHP for better security, follow the steps below to update the recommended PHP settings:

1. Click the Options tab to configure the PHP settings:
2. cPanel displays the available options with default values. Any changes you make to the default values are automatically updated.

Setting individual PHP options 

Remote Connections Settings

1. Remote content can be harmful at times, and it’s best to set the configuration to allow fopen wrappers to only load local content. To allow fopen wrappers to only load local content and not open remote URLs,clear the  allow_url_fopenand allow_url_include check boxes:

Script processing time

1. A well written PHP script should only take about a maximum of 30 seconds to run. We recommend setting both max_input_time and max_execution_time parameters to 30 seconds. Change both the default max_input_time from -1 second  and max_execution_time from 300 seconds to 30 seconds:Default setting:Recommended setting:

Memory settings

1. In the memory_limit list box, change the default memory limit from 768M to a lower memory limit. This limits the memory usage by any running scripts:

PHP exposure 

1. To change the default PHP version exposure clear the expose_php check box:Default setting:Recommended setting:

Error Handling

1. Error messages often contain information about the server and application, which is helpful for debugging, but also to hackers. Wes recommend not displaying any errors to end users in production code, and instead logging them for further troubleshooting. To harden error handling settings, do the following:

• Clear the display_errors check box.
• Set a path for the error_log setting and select the log_errors check box.
• (Optional) Change the error_reporting level.

File  Uploads

1. If your application does not use file uploads, clear the file_uploads check box. Otherwise, to allow file uploads, select the file_uploads check box:
2. To set the maximum upload file size, in the upload_max_filesize list box select the maximum allowed size: