Hello, I'm constantly getting issue with my ispconfig3 and wordpress site, as it gets hacked and is sending large amounts of spam - I decided it would be best to restrict this particular site from using functions like exec or mail, so i could permanently restrict this wordpress instance from sending spam? I tried adding to .vhost PHPINIDir /var/www/cong/web10 but after restart phpinfo still returns Configuration File (php.ini) Path /etc/php5/cgi Loaded Configuration File /etc/php5/cgi/php.ini Scan this dir for additional .ini files /etc/php5/cgi/conf.d Could You guys please point me in right direction, because securing wordpress seems hopeless.....
First, it is important to remove this "I tried adding to .vhost PHPINIDir /var/www/cong/web10" Custom php.ini files get handled by ispconfig, adding this manually will just cause the system to fail. To use custom php.ini settings, just add the settings that you want to use in the custom php.ini field on the options tab of the website. Then ensure that you use php mode fastcfgi or fpm and that suexec is turned on in the website.