If the applications in your system use PHP, then you are open to a lot of risks and vulnerabilities. These are often exploited by attackers through various ways like file inclusion attacks, unregistered executable files and system error messages. You can prevent any sensitive information in your server from being leaked using the methods given below.
Error messages might at time reveal crucial information about your system. These can be used by attackers to hack into your server. This data might comprise of information like database names, usernames and directory structure. You can prevent others from accessing your information by limiting the PHP errors that are displayed on the applications user interface.
You can restrict error messages from being displayed by switching off the display_errors option. It is available within WHM’s PHP Security Concepts interface under the Advanced Mode section which can be located at WHM > Home > Service Configuration > PHP Configuration Editor.
Vulnerable servers are often broken into by attackers through malicious file uploads. You can prohibit external users from exploiting your PHP settings by limiting all upload permissions so that they are unable to inject their PHP scripts.
It is suggested that you deactivate the file_uploads directive in the Advanced Mode section to take away file upload permissions. You can find it within the PHP Security Concepts interface located at WHM > Home> Service Configuration > PHP Configuration Editor.
You can secure your session IDs by using the session.cookie_httponly directive found under the Advanced Mode section of WHM’s PHP Security Concepts interface. It is accessible through WHM > Home > Service Configuration > PHP Configuration Editor.
A PHP script can accept and process variables even though it might not have a specified source using global variables. Attackers use this opportunity to rewrite configuration variables so that they might be able to get into parts of your system that are normally restricted. You can turn off the the register_globals directive in WHM’s Advanced Mode section to prevent this from happening.
Protect your PHP files from all kinds of exploits and vulnerabilities through different options like limiting file uploads, hiding your server information and deactivating global registers.