To home page

What Is php.ini?

How to create and use your own php.ini file on shared hosting (suPHP).

Every user can create their own php.ini file and place it in the directory where their scripts live. This lets you fine-tune your PHP settings without having to contact support every time.

Protecting your php.ini from public access

If you place php.ini anywhere inside public_html, make sure to block public access to it. Open (or create) the .htaccess file in your site's root — for example, /home/user/public_html, where user is your cPanel username — and add the following block:

<Files php.ini>
order allow,deny
deny from all
</Files>

This prevents anyone from viewing your php.ini file directly in a browser.

Important

When PHP is running as a CGI or suPHP handler, you cannot use php_flag, php_admin_flag, php_value, or similar directives inside .htaccess. Doing so will result in a 500 Internal Server Error.

Making php.ini apply globally

By default, a custom php.ini only affects the directory it's placed in. To make it apply to your entire site, add one of the following lines to your .htaccess file — right before the <Files> block above — depending on your server:

For most servers:

suPHP_ConfigPath /home/user/public_html

For hostde6 and hostde15:

lsapi_phpini /home/user/public_html

Replace user with your actual cPanel username.

File permission reference

Permission Meaning
644 Owner can write; others can only read (default for files)
444 Read-only for everyone, including your own scripts
755 Standard folder permissions (no changes needed)

Note that with 644 permissions, only scripts running under your own account can write to files — no one else can. Setting files to 444 adds an extra layer of security by making even your own scripts unable to modify them, though this is entirely optional.

As a general rule: don't change file permissions during script installation, even if the instructions tell you to. You can safely skip any CHMOD step.

Example php.ini with common parameters

Syntax: directive = value — lines starting with ; are comments and are ignored by PHP.

  • safe_mode = Off
  • disable_functions = — block specific PHP functions for security
  • max_execution_time = 30 — max script execution time in seconds
  • memory_limit = 16M — max memory a script can consume
  • error_reporting = E_ALL & ~E_NOTICE — show all errors except notices
  • display_errors = On — output errors to the browser (useful for debugging)
  • variables_order = "EGPCS" — order in which PHP registers variables: E = built-in, G = GET, P = POST, C = Cookies, S = Sessions
  • register_globals = On — allow GET/POST/Cookie/Session vars as regular variables
  • post_max_size = 55M — max size of POST data accepted
  • magic_quotes_gpc = On — auto-escape quotes from POST/GET/Cookie input
  • file_uploads = On — allow file uploads
  • ;upload_tmp_dir = — temp directory for uploads (create it if you set this)
  • upload_max_filesize = 5M — max size of a single uploaded file
  • session.save_handler = files — store session data in files
  • session.save_path = /tmp — directory for session files (create it if needed)
  • session.use_cookies = 1 — use cookies to track sessions
  • session.name = PHPSESSID — cookie name used to identify the session
  • session.auto_start = 0 — don't start a session automatically on every request
  • session.cookie_lifetime = 0 — session cookie expires when the browser is closed
  • session.use_trans_sid = 1 — append session ID to links automatically (fallback if cookies are disabled)

Help

If you have any questions or need assistance, please contact us through the ticket system — we're always here to help!

Updated at:
Need help?Our engineers will help you free of charge with any question in minutesContact us