Warning: ini_get_all() has been disabled for security reasons

  • Resolved itscoolbro

    (@itscoolbro)


    8 years, 3 months ago

    Hey guys,

    I was in my website dashboard and saw there is an update available for wordpress, I just clicked on update and process has started, I was away for like 20 mins and once i came back, the last message on update page was “Disabling Maintenance mode…” I just waited another 20 mins but nothings changed. So i decided to reload the page but guess what, Now i can’t access WP-Admin and my website has an error on top of header:

    Warning: ini_get_all() has been disabled for security reasons in /home/itscoolb/public_html/wp-includes/load.php on line 1020

    How can i fix it guys? I can only access my website files via FTP and cpanel, Thank you

Viewing 15 replies - 61 through 75 (of 97 total)

  • I was having this problem also. I contacted my host and askedd about PHP version and it was 5.6.
    then I asked them to change the ini_get_all permissions.
    They did and all is back to normal.

    I was having this problem also on this site [Link redacted]. I was set [Link redacted] display_error Off

    All is back to normal.

    @patrickphotosuk: We both have tickets open with Fast2Host. I’ll post an update here when I get response from them.

    tnx the problem fixed by upgrating php version to 5.6 …

    Moderator Dominik Schilling

    (@ocean90)

    WordPress Core Developer

    To provide a fix for this issue I’m interested in a few details. If you could follow these steps that would be really helpful:

    1) Upload a file named disabled-functions.php with the following content into the root directory of your WordPress install (or download it here):

    <?php
echo '<pre>';
var_dump( phpversion() );
var_dump( ini_get( 'disable_functions' ) );
echo '</pre>';

    2) Open the file in your browser (example.org/disabled-functions.php, example.org is the URL of your site).
    3) Copy and paste the output in a comment in this thread.

    Thanks!

    Now resolved for my site: My hosting company updated my PHP version to 5.6.24, and I see (via info.php) that their php.ini for this version doesn’t include any values for disable_functions.

    @dominik:
    These are the relevant lines from the info.php that I saved when the problem occurred…

    PHP Version 5.5.31
    disable_functions shshow_source, system, shell_exec, passthru, exec, popen, proc_open, eval, symlink, link, readlink, dl, escapeshellarg, escapeshellcmd, ini_restore, apache_get_modules, get_cfg_var, ini_get_all

    Hello,
    I updated 20 WP-sites and the problem occured on only one page. The host is United-Domains. I updated the php-version to 5.6, and the error disappeared.

    Thanks for your great work and the hints here, Dominik and all the others!

    Hi all getting the same error … hope they fix this soon. I can not even log into my site. Anyone have a work around to at least be able to get to dashboard?

    I think the problem is solved after my server upgraded the php cause everyone getting this same problem…

    I have the same problem in my error_log, but my site is working just fine and the dashboard also. My PHP version was 5.4, I upgraded to 5.6 but the warning still remains.

    Dominik Schilling here is what I get on my site that is posting the errors.

    string(6) “5.6.24”
    string(80) “show_source, system, shell_exec, passthru, exec, phpinfo, popen, allow_url_fopen”

    Thread Starter itscoolbro

    (@itscoolbro)

    Hey gusy!! Host provider enabled it for me, I was gonna die lol Everything works like charm now.

    @markrh, Yes they did add phpinfo to disabled_functions, I told them to enable it for me otherwise i will change my host, They are one of the biggest host providers here tho but it seems like it’s about time to try a new host. Thanks

    Edit: While i was typing, they replied back and said It is not possible to enable this feature in shared hostings, does it mean i have to buy a dedicated server and pay $100 every month for a small website? lol, Thats so stupid. Is it normal or they are cheating?

    @hamada, They did, Thanks

    @javadusefpour, Contact your host provider and tell them to enable it for you, It fixed the problem for me.

    Moderator James Huff

    (@macmanx)

    @itscoolbro they’re cheating you. The call is common, perfectly safe, but they disabled it and now want you to pay for the privilege of having it re-enabled (when it should have never been disabled in the first place).

    This is a common tactic of disreputable hosts. All they have to do is modify your PHP configuration, something very easy for them to do on a shared server, but they want you to pay more to upgrade instead.

    If your host is putting you up against the wall over this, I strongly recommend replying to them with the following:

    Please enable ini_get_all() in my PHP configuration. This useful and purely informative call has not been a security risk for years (assuming the real security fix was properly applied to my server when it was released years ago). This perfectly safe call is used by WordPress 4.6 and, due to it being blocked in my PHP configuration, my site is now broken.

    We have already discussed this issue with WordPress at https://www.ads-software.com/support/topic/warning-ini_get_all-has-been-disabled-for-security-reasons

    If they still refuse, there’s no reason to continue to give them your business. We have a few recommended hosts at https://www.ads-software.com/hosting/ and instructions for moving at https://codex.www.ads-software.com/Moving_WordPress

    @all: Updating the PHP-Version to 5.6 has solved the issue. Thx to James Huff.

Viewing 15 replies - 61 through 75 (of 97 total)
  • The topic ‘Warning: ini_get_all() has been disabled for security reasons’ is closed to new replies.