You can view your PHP configuration using phpinfo() function, but never leave it so others could access it, because PHP configuration contains information, that hackers might find useful. So use it, but so only you can access it.
First thing to do is to turn the register_globals off. It is already done in latest PHP versions, but it won't harm to check.
Next thing is to disable error reporting, because error report might give information, that other can use to it to their advance. Error reporting can be disabled by setting display_errors to 0 in php.ini, or using ini_set('display_errors', '0'); in the beginning of the script.
You can set error_log to 1 and check error_log for errors or set custom error_handling like emailing error to you, using set_error_handler() function. More information on error reporting/logging
You may also consider enabling safe mode if your applications opens local files often
And of course, you can disable function, that you won't use, and you know might be potentially harmful, like system or exec. You can disable functions only in your php.ini file.
You may also be interested in:
Powered by BlogAlike.com