safe_mode = Off
safe_mode_gid = Off
safe_mode_include_dir =
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_
expose_php = Off
error_reporting = E_ALL
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
register_globals = Off
register_long_arrays = Off
register_argc_argv = Off
auto_globals_jit = On
magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
allow_url_fopen = On
allow_url_include = Off
sql.safe_mode = Off
These are settings I look at and consider carefully. Most reflect the php.ini-recommended settings. Most are defaults. PHP isn’t inherently insecure. Good coding practices are more important. (Wherein WordPress is excellent.) Running PHP programs under Apache suExec or FastCGI lets you set Unix-style permissions tighter, limiting program access to owner, without group and other loopholes. I always lock my wp-admin folder as per instructions found at https://codex.www.ads-software.com/Hardening_WordPress.
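As an added example (not part of the original post), the list above can be turned into a small checker that reads a php.ini and reports every directive that differs from those values. The choice of which directives to check, the function names and the sample file are assumptions made for this example.

```python
# Added example: audit php.ini text against values taken from the list above.
EXPECTED = {  # directive -> listed value (subset chosen for this example)
    "expose_php": "Off",
    "display_errors": "Off",
    "display_startup_errors": "Off",
    "log_errors": "On",
    "register_globals": "Off",
    "magic_quotes_gpc": "Off",
    "allow_url_include": "Off",
    "auto_prepend_file": "",
    "auto_append_file": "",
}
TRUE_WORDS = {"1", "on", "yes", "true"}
FALSE_WORDS = {"0", "off", "no", "false", "none", ""}

def normalize(value):
    """Fold boolean spellings so On/on/true/"1" (or Off/no/empty) compare equal."""
    v = value.strip().strip("\"'")
    if v.lower() in TRUE_WORDS:
        return "1"
    if v.lower() in FALSE_WORDS:
        return ""
    return v

def parse_ini(text):
    """Return {directive: normalized value}; a later duplicate line wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments (quoted ';' not handled)
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = normalize(value)
    return settings

def audit(text):
    """Return (directive, found, expected) tuples; found is None when absent."""
    actual = parse_ini(text)
    return [(k, actual.get(k), want) for k, want in EXPECTED.items()
            if k not in actual or actual[k] != normalize(want)]

# Constructed sample input, not taken from any real server.
SAMPLE = """[PHP]
expose_php = Off
display_errors = On   ; left on after debugging
display_errors = Off
log_errors = On
register_globals = Off
magic_quotes_gpc = Off
allow_url_include = "1"
auto_prepend_file = /tmp/prepend.php
auto_append_file =
"""
```

A directive reported with `None` is absent from the file, so whatever default the running PHP build uses applies and should be checked separately.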