shell_exec has been disabled for security reasons

ERROR : shell_exec() has been disabled for security reasons

shell_exec function in PHP is used to execute command via shell. Some of the Webhosting providers disable shell_exec while doing PHP hardening. Follow the below steps to enable PHP shell_exec() function.

1. Log into your Linux server

You must log into your Linux server as root user.

2. Find the path of php.ini

The command “php --ini” will show the exact location of the loaded PHP configuration file.

On my server, php.ini file is in etc directory – /etc/php.ini.

3. Check whether shell_exec is added in PHP disable_functions

Run the below command to check whether PHP shell_exec function is added in PHP disable_functions.

Command :

grep disable_functions /etc/php.ini

disable_functions = shell_exec

In the above command output, you can see that shell_exec is added in PHP disable_functions.

3. Remove shell_exec from disable_functions

Open your PHP configuration file php.ini using vim or nano.

vi /etc/php.ini

scroll down to the line ‘disable_functions’ and remove ‘shell_exec’ from there.

Save the PHP configuration file and exit the editor.

NOTE : shell_exec function is disabled as a part of PHP hardening.

4. Restart the web browser

You must restart the web browser after making changes in the PHP configuration file.

Command :

service httpd restart

You will see the same PHP warning, if your website is using a different PHP configuration file.

Do the below steps if you are still getting the same warning.

1. Create a phpinfo file in your website document root to find the loaded configuration file.

2. Try accessing phpinfo.php in your Web browser :

Check the PHP loaded configuration file in phpinfo.php page.

3. Open that PHP configuration file and remove shell_exec from PHP disable_functions

4. Save the file and exit

5. Restart web server

Don’t forget to delete the phpinfo.php file.