#146 Linux  07.01.2008

Secure settings for PHP web applications in php.ini


To improve the security of PHP-based web applications it is important to modify the php.ini file, because the default configuration is not secure. The following six parameters are the crucial ones with regard to security. Many exploits use functions such as shell_exec to gain remote access to a PHP system, so these functions should be disabled; fortunately, most PHP web applications do not need them. In any case it is important to verify that all PHP web applications still work as expected after changing php.ini and reloading Apache.

disable_functions = show_source, exec, shell_exec, system, popen, proc_open, proc_nice, ini_restore, passthru, dl
register_globals = Off
allow_url_fopen = Off
display_errors = Off
open_basedir = [path to the directory of the web server / virtual host]
safe_mode = On
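A small audit script that checks a php.ini against the six settings above, added here as an example and not part of the original post: it parses the file (skipping ';' comments and [section] headers), normalises the On/Off spellings, verifies that every function in the list is present in disable_functions and that open_basedir is not empty. The php.ini fragment it ships with is constructed to mimic a stock configuration.

```python
# Constructed php.ini fragment (not from the page) that mimics a stock install:
# a commented-out disable_functions line, an incomplete list, weak flags.
WEAK_INI = """[PHP]
; disable_functions = exec        <- commented out, so not in effect
disable_functions = show_source,exec, shell_exec
register_globals = On
allow_url_fopen = On
display_errors = STDOUT
open_basedir =
safe_mode = Off
"""
REQUIRED_DISABLED = {"show_source", "exec", "shell_exec", "system", "popen",
                     "proc_open", "proc_nice", "ini_restore", "passthru", "dl"}
EXPECTED_FLAGS = {"register_globals": False, "allow_url_fopen": False,
                  "display_errors": False, "safe_mode": True}

def parse_ini(text):
    """Map directive -> raw value, dropping ';' comments and [section] headers."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # comments start at ';'
        if not line or line.startswith("["):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def is_on(value):
    """Anything but an explicit off-value counts as on: display_errors also
    accepts 'stdout'/'stderr', which an audit must treat as enabled."""
    return value.strip().lower() not in {"", "0", "off", "false", "no", "none"}

def audit(text):
    """Return sorted findings; an empty list means all six settings match the post."""
    cfg = parse_ini(text)
    findings = []
    disabled = {f.strip() for f in cfg.get("disable_functions", "").split(",") if f.strip()}
    missing = sorted(REQUIRED_DISABLED - disabled)
    if missing:
        findings.append("disable_functions lacks: " + ", ".join(missing))
    for name, want_on in EXPECTED_FLAGS.items():
        if name not in cfg:
            findings.append(f"{name} not set")
        elif is_on(cfg[name]) != want_on:
            findings.append(f"{name} is {cfg[name]}, expected {'On' if want_on else 'Off'}")
    if not cfg.get("open_basedir"):
        findings.append("open_basedir is empty (no filesystem restriction)")
    return sorted(findings)
```

register_globals and safe_mode were removed in PHP 5.4, so on current PHP versions the audit reports them as not set.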
