There are various reasons that you might want to force a website to use SSL. In general, if you have an SSL cert setup for your website, you should probably force all users to https even if the page doesn't contain sensitive data. In an ideal world, you would do this on the server side…
This setting is up there as one of the most dangerous settings you can have enabled on a web server. It will allow someone to potentially inject a tiny piece of code into your system that could in turn completely compromise your entire server. If you have some bad programming practices in place it could…
When it comes to dangerous PHP functions, allow_url_fopen is one that can be incredibly dangerous, but it is also something that is very useful and in most cases will need to remain enabled if you have written some advanced scripts. A common use for this setting would be with a REST based API. For example,…
The register_globals is a setting that should always be disabled. The method has been deprecated for some time and as of PHP 5.4 it no longer even exists. If you are running an older version of PHP it should be disabled if you are not using it. The big question here is, how can you…
When looking to buckle down your webserver, expose_php is often something that people suggest you disable. What does expose PHP do and why should it even be disabled? Well it doesn't really do much, and on its own it really doesn't do any harm to your server, but it does expose information that a hacker…