Upgrading Your PHP Disabled Functions

To help keep your WordPress sites secure, SpinupWP has changed which PHP functions are disabled by default. However, these changes will only impact newly installed versions of PHP on your servers. To update your existing PHP installs, you’ll need to follow the instructions below.

But first, a warning. If your WordPress site relies on any of these PHP functions, disabling them could result in problems with your site. For example, if you’re using the EWWW Image Optimizer plugin it requires the exec() function which is one of the functions we’re about to disable. No matter what plugins you’re running, it’s a good idea to test thoroughly after performing this upgrade on an existing PHP install.

Option 1: Upgrade to PHP 7.3 (recommended)

If PHP 7.3 hasn’t yet been installed on your server, the quickest and easiest way to get this upgrade is to simply have SpinupWP install PHP 7.3 with the dangerous PHP functions disabled and update all your sites to run PHP 7.3.

First, you need to check if you have PHP 7.3 installed. SSH to the server using any user:

ssh username@

And run the following command:

ls /etc/php/7.3/fpm

If you get a “No such file or directory” message, you don’t have PHP 7.3 installed. To install PHP 7.3 on your server:

  1. Login to SpinupWP
  2. Visit the Settings screen of one of your sites on the server you just checked
  3. Select PHP 7.3 from the dropdown
  4. Save

PHP 7.3 will be installed with the dangerous PHP functions disabled. You can then update the rest of your sites to PHP 7.3 so that they all take advantage of the security upgrade.

If you already have PHP 7.3 installed on your server, you could wait for PHP 7.4. It is due to be released Nov 28 and we plan to make it available in SpinupWP shortly after that. So if you’re willing to wait that long for this security improvement, you could.

Option 2: Manually upgrade existing PHP installs

If you’d like to improve the security of your existing PHP installs, you can manually update your php.ini files:

SSH to the server using a sudo user:

ssh username@

Edit your php.ini file using your preferred editor. For example, using nano:

sudo nano /etc/php/{php_version}/fpm/php.ini

Find the disable_functions directive and update it to the following:

disable_functions = disk_free_space,disk_total_space,diskfreespace,dl,exec,opcache_get_configuration,opcache_get_status,passthru,pclose,pcntl_alarm,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_waitpidpcntl_wait,pcntl_wexitstatus,pcntl_wifcontinued,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,popen,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_uname,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system

Save the changes and reload PHP:

sudo service php7.3-fpm reload

Repeat as necessary for all installed PHP versions.