Certain software packages (such as PHPBB, WordPress, etc.) will provide a warning/advice when installing the software that it is better security practrice to disable the register_globals PHP setting. This document will walk you through steps to accomplish this using an .htaccess file on Unix hosting.
- Login to MyCP, and from the main page select "Secure File Manager (Slow)" under the "Plan Admin" header in the top-lefthand section of the page.
- Navigate to the public_html folder of the website.
- Note: if there is already an .htaccess file in the public_html folder, do not create a new one. Instead, skip the following step and append a new line to the existing file.
- Next to the "Create a new file :" option, delete the "new_file_name" in the text box to the right, and enter ".htaccess" and click "Create" to make the file.
- Now, the .htaccess file will appear in the file listing under the public_html folder in the left-hand navigation frame. Select the file by clicking on the name, and then click "Edit" next to "File Management" >> "Name of file".
- Enter the line "php_flag register_globals off" (without the quotes) and save the file.
Now, if you refresh your installer or view the phpinfo(); output on a web page you will see that the "Local Value" for register_globals is off.
If you have any questions on this, or require assistance please open a support ticket.
