Search Our Database

How to enable or customize disabled PHP functions globally in DirectAdmin

Last updated on Jul 7,2025 |

under

Applications and Software, Content Management System, DirectAdmin

by wynston

Introduction

DirectAdmin is a widely used control panel that simplifies server management tasks. Among its many features is the secure_php option within its CustomBuild system, designed to bolster security by disabling specific PHP functions frequently exploited in malicious scripts. These include functions like exec, system, shell_exec, proc_open, and others.

This guide focuses on globally enabling, customizing, or disabling the default set of PHP functions via the secure_php mechanism in DirectAdmin. It is particularly suited for administrators managing shared hosting environments or those looking to enforce consistent PHP behavior across all domains. The method ensures a single point of control, avoiding the complexity of per-user or per-domain configuration overrides.

Prerequisites

DirectAdmin installed with root or administrative access
CustomBuild v2 (installed by default with DirectAdmin)
Basic SSH and command-line proficiency

Step-by-step Guide

Step 1: Enable secure_php in CustomBuild

To activate secure_php and apply DirectAdmin’s default security settings:

cd /usr/local/directadmin/custombuild
./build set secure_php yes
./build secure_php

This command modifies all PHP php.ini files to disable several high-risk functions and enable other security options.

🖊️ Tip: Check the output of /usr/local/directadmin/custombuild/custombuild.log for confirmation such as secure_phpini: /usr/local/php74/lib/php.ini secured.

Step 2: Verify Disabled PHP Functions

After applying secure_php, check the current list of disabled functions:

grep disable_functions /usr/local/php*/lib/php.ini

You should see a list like:

disable_functions = exec,system,passthru,shell_exec,proc_open,popen

Step 3: Customize Disabled PHP Functions Globally

To define a custom list of disabled functions:

mkdir -p /usr/local/directadmin/custombuild/custom
echo "exec,system" > /usr/local/directadmin/custombuild/custom/php_disable_functions
cd /usr/local/directadmin/custombuild
./build secure_php

This example disables only exec and system, and will apply the configuration across all PHP versions installed by CustomBuild.

Step 4: Revert or Clear Disabled Functions

To remove all globally disabled functions while still keeping other secure_php protections:

echo "" > /usr/local/directadmin/custombuild/custom/php_disable_functions
cd /usr/local/directadmin/custombuild
./build secure_php

This leaves secure_php enabled but clears the disable_functions line in all PHP configuration files.

Step 5: Fully Revert Secure PHP Configuration

If the secure_php mode is no longer needed:

./build set secure_php no
./build set php_ini yes
./build php_ini
./build set php_ini no

This restores all PHP configurations to their default state and disables secure hardening.

Conclusion

This article covered how to globally enable or customize PHP function restrictions in DirectAdmin using the secure_php feature. This approach ensures uniform PHP behavior across all domains and simplifies server security management. Whether disabling potentially dangerous functions or clearing restrictions for broader compatibility, these steps offer comprehensive control via CustomBuild.

Should you have any inquiries about the guidelines, please feel free to open a ticket through your portal account or contact us at support@ipserverone.com. We’ll be happy to assist you further.