I have several domains that do not need or use PHP. Would be nice if I could just disable it in the CP. Just make it an option in the PHP version drop-down.
thanks for the feedback. What do you think would be the advantage?
Elimination of any PHP vulnerability and possibly performance.
The PHP vulnerability should not be a concern for you if you’re not running PHP scripts on your users: if you run pure HTML files only, the PHP interpreter is not called by the web server. This would be a concern only if someone gains access via shell or sftp and runs scripts on your server without you noticing… but at that point, PHP is not the cause of the vulnerability.
Performance shouldn’t change either: since you don’t run PHP scripts, the interpreter is not loaded by the web server.
All the same, I would still like the option to just shut it off.
A post was split to a new topic: How to disable PHP in selected directories
Great info! Thank you.
This is my full .htaccess code if I want to disable PHP in a directory.
<IfModule mod_mime.c> RemoveHandler .php .phtml .php3 .php4 .php5 RemoveType .php .phtml .php3 .php4 .php5 </IfModule> <IfModule mod_php5.c> php_flag engine off </IfModule>
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.