To windows
install the system PHP
, for example, all versions of the php.ini
settings file is almost the same, go to the official website to download the version of PHP, then unzip and rename.
Assumptions installation php7.4
, installed in the server's root directory D: Download the Non-Thread Safe (NTS) version of the PHP program and then unzip and rename it to "php" folder, copy it to the root directory D below.
Open D:\php
under the php.ini-development
file, copy and rename it to php.ini
open the D:\php\php.ini
file, the following is the complete configuration process.
1, will short_open_tag = Off
be changed
short_open_tag = On
This amendment is the role of the template file used in some sites, such as <?? > This php code, can ensure that the code can be executed properly, in ecshop, dedecms such as templates and WordPress are also common in this type of code.
2, expose_php = On
which was changed to
expose_php = Off
The role is for site security, prohibited php version number is displayed, to prevent others attack site-specific vulnerabilities php version. Some sites you use Webmaster Tools for a check, what is the use of a web server, PHP version is much at a glance, for a particular version of PHP vulnerabilities, hiker certainly know, hide the version number though not solve the problem, but will hiker to increase the difficulty.
3. Find the following code
; On windows:; extension_dir = "ext
Here the front extension_dir remove the semicolon, and the PHP ext modify the installation path, as shown below. Note slash Do not write backwards, because I have PHP installed on the D drive.
extension_dir = "D:\php\ext"
4. Find max_execution_time = 30
the numbers 30
changed to 300
or 1200
. The maximum time for each role is to execute the script, the default is 30 seconds, may solve the problem because the speed and address of the server (such as foreign hosts) may always connected timeout.
5, search ;cgi.force_redirect = 1
, remove the semicolon in front, and the number 1
was changed 0
. cgi.force_redirect = 0
Your website url / as = your website: means that close to redirect execution php file, for security reasons to prevent others upload Trojans perform like url/sdf/muma.php
after such a file is executable PHP redirect, this configuration will be changed to 0 this type of redirection PHP file will not be executed.
This is why some sites are always linked to the horse, even after such modifications is vulnerable web front, the Trojan file is uploaded hiker, it will not run in such a way Trojan files, so there is no use.
6, look for the code ;cgi.fix_pathinfo=1
to remove the semicolon and supplies the digital 1
read 0
. Effect is to prohibit unlawfully php file, such as /a.jpg/1.php
a php file in the pictures belong to such illegal and prohibit execution is set to 0. This Trojan disguised as a picture file upload has long existed to prohibit this type of file is run, even if uploaded a Trojan horse, since the operation is not allowed, so there is no use.
7, to find the code fastcgi.impersonate = 1
in front of the semicolon removed. Role iis
or nginx
using fastcgi
parse php files, do not open the program can not run php, Apache is not open.
8, search cgi.rfc2616_headers = 0
remove the semicolon and the 0
change 1
. Php mean to tell what kind of headers, header What is it? Like HTTP/1.1
this: .
9, search upload_tmp_dir =
, delete the semicolon in front and add the path as follows:
upload_tmp_dir = D:\php\temp
Meaning that the temporary directory to upload files, virtual directory used to store temporary site to upload files, but does not actually upload any files in it.
10, respectively, the following code search, one per line, respectively, to remove the front of the semicolon (Note semicolon, meaning not effective, it will take effect removed):
extension=bz2 extension=curl extension=gd2 extension=gmp extension=mbstring extension=php_mysql.dll extension=mysqli extension=pdo_mysql
11, find date.timezone =
remove the semicolon and so modified as follows:
date.timezone = Asia/Shanghai
Attention to the case, meaning the time format, default Beijing (East Area 8), so you can make time and time server program, or it may be the time when you send the article shows the actual time and not the same as, if not set time may be a difference of 8 hours, which can be set date.timezone = PRC
, set the time zone is in China, PRC is referred to the time zone of China.
These are the complete php.ini configuration file, there really is safety at three sites and set up a relationship, because of this document generally only set once, then are not going to change, so some questions are not easy to find.