For a start, put disable_functions = “system, exec” in php.ini.

expose_php = Off
display_errors = Off
allow_url_fopen = Off

session.use_trans_sid = 0
session.use_only_cookies = 1

#output_buffering = 4096

#per vhost:

      php_admin_flag safe_mode On
      php_admin_value open_basedir "/var/www/domain_dir/:/home/"
      php_admin_value sendmail_from webmaster@example.com

      php_admin_flag display_errors On
      php_admin_value safe_mode_include_dir "/usr/share/php/"

# php_admin_value default_charset “UTF-8”

      php_admin_value default_charset "windows-1250"

- styling needed

PHP to secure a setup, a good start is a secure php.ini, for example:

• disable the Fopen Wrapper, allow_url_fopen = Off
• use disable_classes and disable_functions like

ini_alter, ini_get_all, ini_get, ini_restore, ini_set, php_get_tmpdir, php_ini_scanned_files, php_logo_guid, php_uname, phpcredits, phpinfo, phpversion, putenv, restore_include_path, set_include_path, set_time_limit, version_compare, zend_logo_guid, zend_version, show_source, system, shell_exec, passthru, exec, proc_open, time_limit, version_compare, zend_logo_guid, zend_version, show_source, system, shell_exec, passthru, exec, proc_open etc. etc.

• set register_globals = off
• set log_errors = on, error_reporting and error_log
• use open_basedir and include_path
• use safe_mode if possible

• Suhosin Configuration
• PHP Hardening-Patch
• PHP Security Guide
• [ISN] Secure PHP Configuration (local mirror)

Things that will make your PHP code execute a bit faster .. remember that blowt code will still remain blowt code!, so try to do as much optimization as posible inside algorthyms you are coding.

• See A HOWTO on Optimizing PHP
• See Optimizing PHP Scripts
• See Accelerating PHP Applications (International PHP Conference 2004 - Ilia Alshanetsky)
• See Golden Rules for Optimizing Your Pages
• See Quebeck-Conf-Slides: Performance-Workshop (PDF)
• See Zend/PHP Expo Slides: Building Scalable PHP Applications (PDF)

Get Zend optimizer from http://www.zend.com/products/zend_optimizer or here (Local mirrors)

php.ini

[Zend]
zend_optimizer.enable_loader=0
zend_optimizer.disable_licensing=0
zend_optimizer.licence_path=0

php.ini

[Zend]
zend_optimizer.optimization_level=15
zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-2.1.0
zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-2.1.0
zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so

Fix the paths to the Zend libraries

• Download source from http://eaccelerator.net/
• Requirements: apache 1.3, apache 2.0 (prefork), mod_php4/5, autoconf, automake, libtool, m4

export PHP_PREFIX="/usr"
$PHP_PREFIX/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=$PHP_PREFIX/bin/php-config
make
make install

• See Instalation from source

/etc/php/*/php.ini

[EAccelerator]
zend_extension="/usr/local/lib/php/extensions/no-debug-non-zts-20020429/eaccelerator.so"
eaccelerator.shm_size="32"
eaccelerator.cache_dir="/tmp/eaccelerator"   ; if you use disk cache - folder MUST exist
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="1"                   ; doesn't save cache to disk (cache_dir)
eaccelerator.compress="0"
eaccelerator.compress_level="9"

[Zend]
zend_optimizer.optimization_level=15
zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-2.5.10
zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-2.5.10
zend_optimizer.version=2.5.10a
zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so

Be sure to fix the PATH to Zend and eaccelerator libraries

eaccelerator php.ini tricks

Zend