FAQ » Servers
Warning: shell_exec() has been disabled for security reasons
On a typical cPanel server, you'll find that shell_exec is disabled by default.
Warning: shell_exec() has been disabled for security reasons in /home/<user>/public_html/.../<file>.php
If you see a warning or error like this, it means that
shell_exec() is disabled.
This is because of a
This directive allows you to disable certain functions. It takes on a comma-delimited list of function names.
This directive must be set in
php.iniFor example, you cannot set this in
On most Linux-based systems you'll find
cPanel MultiPHP INI Editor
It's recommend editing the files with WHM's MultiPHP INI Editor interface to ensure that an operable version of PHP exists on the system.
- Login to WHM
- Under the Software section go to MultiPHP INI Editor
- Go to Editor Mode and choose the PHP Version
- You should be able to change the
On systems that run EasyApache 4, each version of PHP uses a separate php.ini file. You must make changes separately to
each file. Each file exists in the
/opt/cpanel/ea-php72/root/etc/php.ini file, where
72 is the PHP version number.
|PHP Version||File Path|
You can check each file by doing the following:
# cat /opt/cpanel/ea-php74/root/etc/php.ini | grep disable_functions disable_functions =
In this example, we can see that the
disable_functions line is empty, so we need to check elsewhere...
It may be worth checking for a
.user.ini or the
.htaccess file, or even a domain configuration.
Confusingly and largely undocumented, you'll find that each domain name has its own configuration per version of PHP.
For example, if the PHP Version is
7.4, and the domain is
example.com, then the file path would be:
You can check this file by doing the following:
# cat /opt/cpanel/ea-php74/root/etc/php-fpm.d/example.com.conf | grep disable_functions php_admin_value[disable_functions] = exec,passthru,shell_exec,system
In this case, you can see
shell_exec is set, so we should remove this.
You could use an editor like
nano to edit or completely remove it.
Or, you can use the
sed command to remove it:
sed -i 's/php_admin_value[disable_functions] = exec,passthru,shell_exec,system//' /opt/cpanel/ea-php74/root/etc/php-fpm.d/example.com.conf
After that you can restart Apache/PHP-fpm using the following command:
# /scripts/restartsrv_apache_php_fpm Service Status apache_php_fpm restarted successfully.
Last updated: 2022-03-07