Warning: ini_set() has been disabled for security reasons
- asadallahi
- Joomla! Enthusiast
- Posts: 133
- Joined: Thu Mar 30, 2006 8:42 pm
- Location: IR.Iran
- Contact:
Warning: ini_set() has been disabled for security reasons
Hi,
I changed my host. When I installed Joomla on my new host, the site comes up but an error appears:
Warning: ini_set() has been disabled for security reasons in /home/memor/public_html/libraries/joomla/session/session.php on line 649
How can I fix it?
I installed Joomla 1.5.4.
http://www.itgate.ir =>The Gate to the Cyber World
- dhuelsmann
- Joomla! Master
- Posts: 19659
- Joined: Sun Oct 02, 2005 12:50 am
- Location: Omaha, NE
- Contact:
Re: Warning: ini_set() has been disabled for security reasons
This is not a Joomla issue. Your host has disabled the php function ini_set(). You will need to talk to them.
Regards, Dave
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org
-
- Joomla! Apprentice
- Posts: 6
- Joined: Mon Aug 25, 2008 5:26 pm
Re: Warning: ini_set() has been disabled for security reasons
Also, please update to 1.5.6 as soon as possible due to the hacking problems sites have been experiencing!
- asadallahi
- Joomla! Enthusiast
- Posts: 133
- Joined: Thu Mar 30, 2006 8:42 pm
- Location: IR.Iran
- Contact:
Re: Warning: ini_set() has been disabled for security reasons
OK, thanks.
I upgraded it to 1.5.6
but nothing changed!!
Can you help me fix it?
http://www.itgate.ir =>The Gate to the Cyber World
- dhuelsmann
- Joomla! Master
- Posts: 19659
- Joined: Sun Oct 02, 2005 12:50 am
- Location: Omaha, NE
- Contact:
Re: Warning: ini_set() has been disabled for security reasons
asadallahi wrote: ok. thanks
i upgrade it to 1.5.6
but nothing changed !!
can you help me fix it?
dhuelsmann wrote: This is not a Joomla issue. Your host has disabled the php function ini_set(). You will need to talk to them.
Regards, Dave
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org
- asadallahi
- Joomla! Enthusiast
- Posts: 133
- Joined: Thu Mar 30, 2006 8:42 pm
- Location: IR.Iran
- Contact:
Re: Warning: ini_set() has been disabled for security reasons
any way to do it?
like writing some code in ".htaccess" file?
http://www.itgate.ir =>The Gate to the Cyber World
- serafix
- Joomla! Fledgling
- Posts: 4
- Joined: Thu Mar 02, 2006 6:48 pm
Re: Warning: ini_set() has been disabled for security reasons
asadallahi wrote: any way to do it?
like writing some code in ".htaccess" file?
Do this:
1. In your Joomla root folder, create a file called "php.ini".
2. Edit that file and type "disable_functions =".
3. Save the file and refresh your website.
4. Enjoy every day... It never come's back.
Serafix
Happy Joomling
Enjoy every day... It never come's back!
~ : )
- asadallahi
- Joomla! Enthusiast
- Posts: 133
- Joined: Thu Mar 30, 2006 8:42 pm
- Location: IR.Iran
- Contact:
Re: Warning: ini_set() has been disabled for security reasons
serafix wrote: Do this:
1. In you joomla root folder, create a file called "php.ini".
2. Edit that file and type "disable_functions =".
3. Save the file and refresh you website.
4. Enjoy every day... It never come's back.
Serafix
i did it but it does not work!
http://www.itgate.ir =>The Gate to the Cyber World
- dhuelsmann
- Joomla! Master
- Posts: 19659
- Joined: Sun Oct 02, 2005 12:50 am
- Location: Omaha, NE
- Contact:
Re: Warning: ini_set() has been disabled for security reasons
If your host is disabling functions for security reasons you are unlikely to be allowed to run your own copy of php.ini. Have you contacted your host at all??
Regards, Dave
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org
- asadallahi
- Joomla! Enthusiast
- Posts: 133
- Joined: Thu Mar 30, 2006 8:42 pm
- Location: IR.Iran
- Contact:
Re: Warning: ini_set() has been disabled for security reasons
Yes,
I contacted them. They finally accepted my request and enabled it,
and it is solved.
Thanks a lot for your help.
http://www.itgate.ir =>The Gate to the Cyber World
-
- Joomla! Fledgling
- Posts: 1
- Joined: Tue Sep 09, 2008 5:25 pm
- Contact:
Re: Warning: ini_set() has been disabled for security reasons
Hello,
I am a network admin and I bring answers. First, creating a php.ini yourself and just adding disable_functions is a bad idea, as you should really pull a copy of the master php.ini. If you have access to your own server with root (not jail shell) access (also assuming it is a Linux environment: Red Hat or CentOS), you can type the following:
php -i | grep php.ini
The above command will tell you the exact path of the true php.ini location. After running it, the system will blurb this to your screen:
root@host [/..]# php -i | grep php.ini
Configuration File (php.ini) Path => /usr/local/lib
Loaded Configuration File => /usr/local/lib/php.ini
So then we just go there: cd /usr/local/lib
Now we copy it: cp php.ini php.2
Now we move it to your root directory:
mv php.2 /home/username/public_html
Now we go to your root directory: cd /home/username/public_html
Now we rename it: mv php.2 php.ini
Now we restore ownership: chown username:username php.ini
Open it up and find disable_functions= If you see ini_set listed then it is disabled. If it is there, it is enabled so just remove it then save.
-----
Most of us do not have the luxury of having root access to a machine, so you can ask your host to disable it. However, they will most likely tell you to get a life and put your support request on hold for hours till you give up. If they say no, ask them if they can put a custom php.ini file in your root directory /public_html/; then either they or you can make that change regarding ini_set.
UPDATE: Failed to mention that sometimes the custom php.ini needs to be placed within the directory of the calling script.
Hope this helps. Cheers!
- Justin
Mobiuz Digital Media
http://www.mobiuz.com
- bobthebob01
- Joomla! Enthusiast
- Posts: 195
- Joined: Fri Oct 07, 2005 1:02 am
Re: Warning: ini_set() has been disabled for security reasons
Woa, thanks mobiuzhost for your detailed and clear explanation. It's really appreciated.
It's nice to have network admins sharing their experience with everybody in such simple and easy to understand words.
cheers for that.
just a quick one: i read in another thread on the french board that you can simply add "@" in front of every occurrence of the word "ini_set" in libraries/joomla/session/session.php
And it sounds strange to me.
Does anybody have a comment on that?
thanks
bob
- alavi nik
- Joomla! Explorer
- Posts: 344
- Joined: Wed Sep 20, 2006 7:48 pm
- Location: Tehran,Iran
- Contact:
Re: Warning: ini_set() has been disabled for security reasons
Hello
you must create php.ini and copy it into joomla root and administrator folder
good luck ;-)
Joomfa Team(Joomla farsi) ==> http://joomfa.org
- bobthebob01
- Joomla! Enthusiast
- Posts: 195
- Joined: Fri Oct 07, 2005 1:02 am
Re: Warning: ini_set() has been disabled for security reasons
thanks guys.
and indeed, on my server i had to copy php.ini in my administrator folder. it was not sufficient to have it at the root.
cheers
- EhabIT
- Joomla! Apprentice
- Posts: 16
- Joined: Wed Jul 22, 2009 12:02 pm
- Contact:
Re: Warning: ini_set() has been disabled for security reason
thank you guys this did help the problem 

-
- Joomla! Apprentice
- Posts: 7
- Joined: Sat May 17, 2008 4:26 pm
Re: Warning: ini_set() has been disabled for security reason
serafix wrote:
asadallahi wrote: any way to do it?
like writing some code in ".htaccess" file?
Do this:
1. In you joomla root folder, create a file called "php.ini".
2. Edit that file and type "disable_functions =".
3. Save the file and refresh you website.
4. Enjoy every day... It never come's back.
Serafix
Nicely Done!!!! U Saves Lifes!!!
- Adamdg
- Joomla! Apprentice
- Posts: 5
- Joined: Fri Mar 12, 2010 3:21 pm
Re: Warning: ini_set() has been disabled for security reason
bobthebob01 wrote:
just a quick one: i read in another thread on the french board that you can simply add "@" in front of every occurrence of the word "ini_set" in libraries/joomla/session/session.php
And it's sound strange to me.
Does anybody have a comment on that?
bob
I faced this problem after upgrading from 1.5.10 to 1.5.20:
"ini_set() has been disabled for... line 102, 105 and 688"
I did exactly what Bob said: just simply add "@" in front of those 3 lines and everything's fixed.
Just don't know how to explain...
But it works!!!
By the way, adding php.ini file with "disable_functions =" doesn't work!
And if it were caused by your hosting, I suggest asking your hosting provider as the best solution.
- reggaebkk
- Joomla! Enthusiast
- Posts: 163
- Joined: Mon Jul 14, 2008 1:39 pm
Re: Warning: ini_set() has been disabled for security reason
Greetings,
This thread is most interesting and educative.
Still I was wondering, having used Joomla for several years and noticing this ini_set enabling to be a security risk on my VPS, why doesn't the Joomla development team fix it?
Not complaining of course (Joomla is free :P), but it seems that they are so quick to react to security flaws and give such good advice on how to set servers the right way... why don't they solve this ini_set issue?
Kindly
Mat
- mandville
- Joomla! Master
- Posts: 15140
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Warning: ini_set() has been disabled for security reason
reggaebkk wrote: Still I was wondering, having used joomla for several years and noticing this ini_set enabling to be a security risk on my VPS, why doesn't joomla development team fixes it.
one reason is a lot of people dont have access to php.ini and are on shared servers
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
- reggaebkk
- Joomla! Enthusiast
- Posts: 163
- Joined: Mon Jul 14, 2008 1:39 pm
Re: Warning: ini_set() has been disabled for security reason
Thanks for this reply Miss MandVille.
Still, not having access to php.ini for some users is not a reason why VPS users (and it is advised to run Joomla on VPS), should have to go and tweak libraries/joomla/session/session.php in order to have their joomla/vps run safely.
Knowing all this, maybe there should be an option in configuration to manage this session.php tweak...
does that make sense?
or not at all?
Kindly
Mat
- RussW
- Joomla! Exemplar
- Posts: 9347
- Joined: Sun Oct 22, 2006 4:42 am
- Location: Sunshine Coast, Queensland, Australia
- Contact:
Re: Warning: ini_set() has been disabled for security reason
Why?
ini_set, in itself, is not a security risk, if the server and php are configured correctly and with limits. The users cannot exceed what the admins set as a maximum, even if they try. So disabling ini_set is only "Security through Obscurity" not actually "Security"... on a properly configured server.
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/
-
- Joomla! Explorer
- Posts: 309
- Joined: Mon Sep 12, 2005 5:23 am
- Location: Stockholm, Sweden
Re: Warning: ini_set() has been disabled for security reason
Just to follow up on this issue:
I received the same warnings as described in previous posts. The problem occurred suddenly and for no apparent reason. I solved the problem by adding @ to the mentioned lines 102, 105 and 655 in the sessions.php file in libraries/joomla/sessions.
What I would like to know is:
a) Why the problem occurred in the first place (i.e. if the cause is Joomla-related after all)
and
b) If the remedy used (adding the @) has any security or other implications
Anyone's advice is most appreciated!
I am using Joomla 1.5.22 in a Linux environment.
-
- Joomla! Fledgling
- Posts: 1
- Joined: Fri Dec 03, 2010 8:48 pm
Re: Warning: ini_set() has been disabled for security reason
I doubt if this subject has gone away - I've applied the Joomla patch to take it to 1.5.22 on a Zymic host and this problem appeared. However there appears to be a worthy explanation at:
http://www.zen-cart.com/forum/showthread.php?t=121807
Summarizing: The "fix" by adding the @ only suppresses the PHP error messages and does not fix the problem. A solution is quoted, which relates to the ability to send e-mails, if the hosting company refuses to make PHP setting changes.
I am not yet in a position to have checked it out, but it seems worth checking out.
- Z9iT
- Joomla! Enthusiast
- Posts: 166
- Joined: Fri Oct 14, 2011 8:15 am
- Contact:
Re: Warning: ini_set() has been disabled for security reason
mandville wrote:
reggaebkk wrote: Still I was wondering, having used joomla for several years and noticing this ini_set enabling to be a security risk on my VPS, why doesn't joomla development team fixes it.
one reason is a lot of people dont have access to php.ini and are on shared servers
I agree with you mandville, shared hosting has its own repercussions.... I am also having such a problem at the moment. Though I have suppressed the error message by adding // to those lines, however no one is able to log in, either into the frontend or into admin. Any suggestions for this?
As a footnote, the website is working perfectly fine on my virtual LAMP server by turnkey linux. I know this mess has been made by my hosting provider, but they are not ready to co-operate. Is it possible to resolve this at all????
http://z9it.com....Bringing the best of www, in a gist...
- leolam
- Joomla! Master
- Posts: 20591
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: Warning: ini_set() has been disabled for security reason
Z9iT wrote: I agree with you mandville
Why are you Necroposting? This is an over 12 month old and dead thread
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
-
- Joomla! Apprentice
- Posts: 12
- Joined: Wed Feb 10, 2010 1:37 pm
- Location: Cairo, EGYPT
- Contact:
Re: Warning: ini_set() has been disabled for security reason
Hello everybody,
The solution of putting a file (php.ini) is great,
and it is better to have your hosting provider give you a copy of this file so you can modify it and remove the part of "ini_set",
but take care to protect your website; it is not good to make your php.ini settings available to everyone.
With the above solution any hacker can see your PHP settings from an easy link: http://yourdomain/php.ini
Please, everyone, take care to set your php.ini file permission to (640).
This will prevent anyone from seeing it and being able to download it.
Regards
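The two manual checks described in the posts above (reading disable_functions in a php.ini copy, and confirming the copy is not readable by other users) can be scripted; this is an added example, not code from the thread or from Joomla. The function names and sample file contents are constructed, and it assumes the host's PHP handler actually reads the per-directory php.ini.

```shell
#!/bin/sh
# Added example (not from the thread): audit a per-directory php.ini copy.

# Print the effective disable_functions entries of FILE, one per line.
# Comment lines are skipped and the last assignment in the file wins.
disabled_functions() {
    awk '
        /^[ \t]*;/ { next }                        # whole-line comment
        /^[ \t]*disable_functions[ \t]*=/ {
            val = $0
            sub(/^[^=]*=/, "", val)                # text after the first "="
            sub(/;.*$/, "", val)                   # drop a trailing comment
            last = val
        }
        END { print last }
    ' "$1" | tr -d "\"' \t\r" | tr ',' '\n' | sed '/^$/d'
}

# Exit 0 if FUNC is listed in FILE's effective disable_functions.
is_disabled() {
    disabled_functions "$1" | grep -qxF -- "$2"
}

# Exit 0 if the "other" read bit is set on FILE (true for 644, false for 640).
world_readable() {
    [ "$(ls -ld -- "$1" | cut -c8)" = "r" ]
}

# Print one line per finding for FILE; exit 1 if there was any finding.
audit_php_ini() {
    rc=0
    if is_disabled "$1" ini_set; then
        echo "$1: ini_set is listed in disable_functions"; rc=1
    fi
    if [ -z "$(disabled_functions "$1")" ]; then
        echo "$1: disables no functions at all"; rc=1
    fi
    if world_readable "$1"; then
        echo "$1: readable by other users"; rc=1
    fi
    return "$rc"
}

# Demo on constructed files (hypothetical contents, not a real host's php.ini).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '[PHP]' '; disable_functions = exec' \
        'disable_functions = "exec, ini_set ,system" ; host default' \
        > "$dir/master-copy.ini"
    printf '%s\n' 'disable_functions =' > "$dir/blank.ini"
    chmod 640 "$dir/master-copy.ini"
    chmod 644 "$dir/blank.ini"
    audit_php_ini "$dir/master-copy.ini" || true
    audit_php_ini "$dir/blank.ini" || true
    rm -rf "$dir"
}
demo
```

The "disables no functions at all" finding is what a file containing only `disable_functions =` produces: the warning goes away because every function the host had disabled is enabled again, not just ini_set.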
- Z9iT
- Joomla! Enthusiast
- Posts: 166
- Joined: Fri Oct 14, 2011 8:15 am
- Contact:
Re: Warning: ini_set() has been disabled for security reason
leolam wrote:
Z9iT wrote: I agree with you mandville
Why are you Necroposting? This is a over 12 month old and dead thread
My friend, recently I've been targeted with this... my host has done this sin on me, and now it's been more than a month that I am trying to compensate this, however everything fails... none of my users including me can log in either to frontend or backend... I was thinking to start a new thread, however I came across this... in fact my host has also denied me with a copy of php.ini....
http://z9it.com....Bringing the best of www, in a gist...
- leolam
- Joomla! Master
- Posts: 20591
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: Warning: ini_set() has been disabled for security reason
Z9iT wrote: infact my host has also denied me with a copy of php.ini....
change host then. waiting a month is no solution
Leo

Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
- PhilD
- Joomla! Hero
- Posts: 2737
- Joined: Sat Oct 21, 2006 10:20 pm
- Location: Wisconsin USA
- Contact:
Re: Warning: ini_set() has been disabled for security reason
Many hosts will not give a 'copy' of the servers php ini file to you as you would not be allowed to make certain changes to the server anyway. This is especially true on shared hosting (including VPS which is still shared hosting) where you are unlikely to make certain changes to the php installation on the server.
In most cases though, you can create your own php.ini file with a certain common subset of php commands that is made available. Exactly what the subset of commands is will be determined by your host. Also, unlike htaccess files and in general, php.ini files for a site have to be placed in every single directory on your domain to be effective.
If your web host is proving to be lacking in certain skills, difficult to work with, etc. then it would be best to find a new host that does know how to properly set up a server, maintain the server and provide reasonable customer service.
PhilD
- Z9iT
- Joomla! Enthusiast
- Posts: 166
- Joined: Fri Oct 14, 2011 8:15 am
- Contact:
Re: Warning: ini_set() has been disabled for security reason
Is there any standard php.ini file which I can download and use? The server is running on cPanel.
http://z9it.com....Bringing the best of www, in a gist...