Your web hosting partners since 2004.
Buy now »

Warning: shell_exec() has been disabled for security reasons

On a typical cPanel server, you'll find that shell_exec is disabled by default.

Warning:  shell_exec() has been disabled for security reasons in /home/<user>/public_html/.../<file>.php

If you see a warning or error like this, it means that shell_exec() is disabled.

This is because of a disable_functions directive in the php.ini file.

This directive allows you to disable certain functions. It takes on a comma-delimited list of function names.

Only internal functions can be disabled using this directive. User-defined functions are unaffected.

This directive must be set in php.ini For example, you cannot set this in httpd.conf.

On most Linux-based systems you'll find php.ini at /usr/local/lib/php.ini.

cPanel MultiPHP INI Editor

It's recommend editing the files with WHM's MultiPHP INI Editor interface to ensure that an operable version of PHP exists on the system.

  • Login to WHM
  • Under the Software section go to MultiPHP INI Editor
  • Go to Editor Mode and choose the PHP Version
  • You should be able to change the disable_functions from there

On systems that run EasyApache 4, each version of PHP uses a separate php.ini file. You must make changes separately to each file. Each file exists in the /opt/cpanel/ea-php72/root/etc/php.ini file, where 72 is the PHP version number.

File Paths

PHP Version File Path
PHP 5.4 /opt/cpanel/ea-php54/root/etc/php.ini
PHP 5.5 /opt/cpanel/ea-php55/root/etc/php.ini
PHP 5.6 /opt/cpanel/ea-php56/root/etc/php.ini
PHP 7.1 /opt/cpanel/ea-php71/root/etc/php.ini
PHP 7.2 /opt/cpanel/ea-php72/root/etc/php.ini
PHP 7.3 /opt/cpanel/ea-php73/root/etc/php.ini
PHP 7.4 /opt/cpanel/ea-php74/root/etc/php.ini
PHP 8.0 /opt/cpanel/ea-php80/root/etc/php.ini
PHP 8.1 /opt/cpanel/ea-php81/root/etc/php.ini

You can check each file by doing the following:

# cat /opt/cpanel/ea-php74/root/etc/php.ini | grep disable_functions
disable_functions =

In this example, we can see that the disable_functions line is empty, so we need to check elsewhere...

It may be worth checking for a .user.ini or the .htaccess file, or even a domain configuration.

Domain configuration

Confusingly and largely undocumented, you'll find that each domain name has its own configuration per version of PHP.

For example, if the PHP Version is 7.4, and the domain is, then the file path would be:

  • /opt/cpanel/ea-php74/root/etc/php-fpm.d/

You can check this file by doing the following:

# cat /opt/cpanel/ea-php74/root/etc/php-fpm.d/ | grep disable_functions
php_admin_value[disable_functions] = exec,passthru,shell_exec,system

In this case, you can see shell_exec is set, so we should remove this.

You could use an editor like vi or nano to edit or completely remove it.

Or, you can use the sed command to remove it:

sed -i 's/php_admin_value[disable_functions] = exec,passthru,shell_exec,system//' /opt/cpanel/ea-php74/root/etc/php-fpm.d/

After that you can restart Apache/PHP-fpm using the following command:

# /scripts/restartsrv_apache_php_fpm
Service Status

apache_php_fpm restarted successfully.

That's it.

Last updated: 2022-03-07

« Go Back

Order now »

No problems