Disclosure: Hosting Canada is community-supported. We may earn a commission when you make a purchase through one of our links. Learn more.

Prevent access to php.ini

If your php.cgi or php.ini files are in the risk to be accessed by someone through their web browser, you can limit their access by using .htaccess.

However, the option to edit the php.ini file is not offered by all the web hosting companies. It’s true, especially for shared hosting service providers where hundreds of websites are running by a single PHP installation.

But fortunately, you have a workaround. The php.ini rules can be embedded in your .htaccess file.

For enabling this, you need to create an .htaccess file by following the guidance and the main instructions that include the text below.

<FilesMatch "^php5?\.(ini|cgi)$">
Order Deny,Allow
Deny from All
Allow from env=REDIRECT_STATUS