Apache + PHP - disable functions to increase security
If you give access to your VPS / Root server you can easily increase it's security by modifing list of disabled PHP functions.
Update php.ini file on the server - Ubuntu/Debian -/etc/php5/apache2/php.ini
- Centos/Rhel - /etc/php.ini
disable_functions = php_uname, getmyuid, getmypid, passthru, leak, listen, diskfreespace, tmpfile, link, ignore_user_abord, shell_exec, dl, set_time_limit, exec, system, highlight_file, source, show_source, fpaththru, virtual, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix, _getppid, posix_getpwnam, posix_getpwuid, posix_getrlimit, posix_getsid, posix_getuid, posix_isatty, posix_kill, posix_mkfifo, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_times, posix_ttyname, posix_uname, proc_open, proc_close, proc_get_status, proc_nice, proc_terminate, phpinfo, apache_child_terminate, apache_setenv, ini_get_all, escapeshellcmd, escapeshellarg
It will genereate a PHP Warning error message, e.q.
PHP Warning: phpinfo() has been disabled for security reasons