Custom php.ini on a shared hosting


#1

Is it possible to put a custom php.ini file with “display_errors = off” into a blog folder to eliminate a security scan warning “Wordpress internal path:…”. Without that settings PHP just exposes internal path which is not right.


#2

you /can/ do that, but setting up a custom php.ini file isnt really a walk in the park on DH…

To be honest thou, i dont think you would need it.
WP errors arernt something you should see on a regular basis. if that happens than your wp is probly on the fritz and you should make sure its healthy… seeing that path is something that should happen only if you’re in development, not on a live site.

if you insist on trying - start here => http://wiki.dreamhost.com/PHP.ini

best
que


#3

You are right, never expose PHP warning in a live site especially if it contains server infor such as file path.

quedi is right. WP is quite stable and shouldn’t have this problem. Did you customize your WP? You need to be careful with your customization.

If you have to install a custom PHP.ini file, follow the wiki page and it is not hard to do.


#4

If you mean it exposes /home/user/domain.com/… that isn’t as dangerous as it might be. Anyone who has an account here has a general idea of what your path is. And since a lot of us use the same ID everywhere, you don’t have to stretch to guess /home/ipstenu/ipstenu.org/

You can put this in your wp-config.php and that may help

@ini_set('display_errors','Off');
@ini_set('error_reporting',0);

But as patricktan said, WP doesn’t normally spit out errors like that :slight_smile: If you’d like help debugging the error, we can do that too :slight_smile:


#5

Sounds like a “security plugin” that is just testing the waters and not actually an error.

@Ipstenu: Is there a reason to @prefix those directives?

@OP: You can direct display_errors = off in your very own phprc here at Dreamhost. Just set the domain to use PHP 5.3 and look at this simple method: Dreamhost phprc

Just read that first paragraph. The rest of that page is nothing more than confusing Wikiyabber garbage.

tldr: Create file: /home/username/.php/5.3/phprc and type display_errors = off in it. Save. Finished.


#6

Hi All,
First of all, happy new year and wishing you all peace, prosperity and fulfilment in 2013!

Second, thanks for all replies! That is exactly what I needed!

@sXi, yes, it’s just a “security plugin” that is just testing the system. After my blog was hacked I’m trying to eliminate some holes. And the “display_errors = off” was just one of many recommendations.