Enabling PHPmmdrop on shared hosting

Posted at March 28, 2018 at 2:04 pm by John Quaglieri

PHPmmdrop reduces php permissions to further secure and lock down websites. This has been optimized and tested most for wordpress.

First, it is recommended to contact InterServer support to check if your package supports PHPmmdrop.

To begin, edit the main .htaccess file in your wordpress install. This is the same location the wp-config.php is in. Open .htaccess and add

<IfModule LiteSpeed>
AddType application/x-httpd-fastphp .php .php5 .phtml
Options -Indexes

Save this file. Reload your site, to ensure it is working. If you get a 403 forbidden error your account does not have mmdrop enabled yet, and support can assist you.

2) Disable wp-cron in wp-config.php. Open wp-config.php and add

define('DISABLE_WP_CRON', true);

Save this file.

3) Enable a cron job to manually run cron. Typically every hour is fine.

In cpanel open the cron job section and add

0 * * * * cd /home/YOURUSERNAME/public_html; php -q wp-cron.php

You may have ssh access and can add this using crontab -e

Note: /home/YOURUSERNAME/public_html – YOURUSERNAME should be replaced with your cpanel username. The wordpress install location may be different for an addon domain.

4) Enable normal php in the wp-admin folder.
Move to the wp-admin folder and create or edit the .htaccess file.

<IfModule LiteSpeed>
AddType application/x-httpd-php71 .php .php5 .phtml
Options -Indexes

PHPmmdrop runs as php 7.1 so using the same in wp-admin is recommended.

Once done wordpress runs normally with reduced permissions, except files in the wp-admin folder. Additional security is on php-mmdrop servers that removes the ability to runs scripts in the wp-uploads folder, or directly call files in wp-includes – with some exceptions.

If a plugin needs higher permissions, step 4 can be used to enable it in the .htaccess file of the plugin folder.

0.00 avg. rating (0% score) - 0 votes

You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply