
Using PHP’s open_basedir to help secure your WordPress site

We recently migrated a few WordPress websites to a shared environment. One easy thing you can do to help secure sites in shared environments is to properly use PHP’s open_basedir. PHP’s open_basedir limits the files that PHP can access to those inside the specified directory tree. You can set open_basedir in the Apache configuration file, php.ini or .htaccess. We used the following line in the Apache configuration file:
php_admin_value open_basedir /path/to/your/sitename
The php_admin_value directive sets the value of a PHP configuration directive. When you use php_admin_value as opposed to php_value, the value cannot be overridden in .htaccess or with ini_set(). There are also php_flag and php_admin_flag, which set boolean configuration directives. You can read more about them below.
Source and more information:
http://www.php.net/manual/en/configuration.changes.php
http://www.php.net/manual/en/ini.core.php#ini.open-basedir
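The line above in context, as an added example that is not from the original post: two sites on one Apache server, each locked to its own directory tree, with the overridable php_value form shown commented out for contrast. It assumes PHP runs as an Apache module (mod_php); the hostnames, the /srv/www paths and the per-site tmp directory are placeholders.

```apache
# Constructed example: hostnames and /srv/www/... paths are placeholders.

<VirtualHost *:80>
    ServerName site-a.example
    DocumentRoot /srv/www/site-a/public

    <Directory /srv/www/site-a/public>
        # WordPress permalinks rely on .htaccess, which also lets the
        # site add php_value / php_flag lines of its own.
        AllowOverride All
        Require all granted
    </Directory>

    # Overridable form (for contrast): .htaccess or ini_set() may change it.
    # php_value open_basedir /srv/www/site-a/

    # Locked form: cannot be changed from .htaccess or ini_set().
    php_admin_value open_basedir /srv/www/site-a/

    # Design choice in this example: keep uploads and sessions in a
    # per-site directory inside the allowed tree but outside the
    # document root, rather than in a temp directory shared by all sites.
    php_admin_value upload_tmp_dir /srv/www/site-a/tmp
    php_admin_value session.save_path /srv/www/site-a/tmp

    # Boolean directives use the *_flag forms.
    php_admin_flag display_errors off
</VirtualHost>

<VirtualHost *:80>
    ServerName site-b.example
    DocumentRoot /srv/www/site-b/public

    <Directory /srv/www/site-b/public>
        AllowOverride All
        Require all granted
    </Directory>

    # Same settings, different tree: site-b's PHP cannot open site-a's files.
    php_admin_value open_basedir /srv/www/site-b/
    php_admin_value upload_tmp_dir /srv/www/site-b/tmp
    php_admin_value session.save_path /srv/www/site-b/tmp
    php_admin_flag display_errors off
</VirtualHost>
```

After reloading Apache, calling ini_get('open_basedir') from a script under each site should return that site's own path.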
