Wanted to be aware what may be the security cautions I ought to learn about PHP Hosting?


Here are the things:

  • Disable functions like eval, passthru, spend_professional,etc
  • Remote url injection, disable allow_url_fopen
  • Disable register_globals

Also keep in mind:

  • You're responsible too. Write secure code, read security lessons available.

PHP Security Guide

Finally as recommended by Rook, you need to run:

PHPSecInfo script to determine security configurations of the host.


Should you speak as developer (and never as hoster), then don't depend about the server -- write secure code and also you will not be injured by any php configuration directive ever.