allow_url_fopen and allow_url_include are PHP directives that can be used for retrieval of files and may be required by some scripts or applications. While there may be some performance benefit, these directives are generally considered unsafe as PHP scripts that can access remote files are vulnerable to code injection if user inputs are not properly validated. Due to the security implications of enabling these directives, they are disabled by default.
Still, there may be situations where it is required. Here we cover the steps to enable allow_url_fopen and allow_url_include either locally (for a single website) or globally (for all websites using a specific PHP version).
NOTE: allow_url_include is deprecated as of PHP 7.4 and can only be enabled when using PHP 7.3 or earlier.
Related Articles
Getting Started with cPanel
Update PHP Version with MultiPHP Manager
Locally
- Log into cPanel
- Navigate to MultiPHP INI Editor, located under the Software section
- Select the applicable domain from the dropdown field
- Click the toggles to the right of allow_url_fopen and allow_url_include so that they indicate they are Enabled
- Scroll to the bottom of the page and click the Apply button