Key PHP Configuration Variables for WordPress and BotBlocker

A stable, fast, and secure WordPress site with BotBlocker depends directly on correct PHP settings. The main configuration variables are set in the php.ini file, hosting panel, or sometimes via .htaccess. Below are the parameters that directly affect the performance, reliability, and compatibility of WordPress, BotBlocker, and all your plugins.

1. memory_limit

Maximum memory a PHP script can use.

• Example: memory_limit = 256M
• WordPress minimum: 128M, optimal for WooCommerce/media sites: 256M+

2. max_execution_time

Script execution time limit (seconds).

• Example: max_execution_time = 60
• For large imports/backups, increase to 120 if needed.

3. max_input_time

Time allowed to parse input data (POST/GET/files).

• Example: max_input_time = 60
• Rarely needs increasing except for huge forms/imports.

4. upload_max_filesize

Maximum size of a single uploaded file.

• Example: upload_max_filesize = 32M
• Raise for large images, backups, or theme uploads.

5. post_max_size

Maximum total size of POST data.

• Example: post_max_size = 32M
• Must be ≥ upload_max_filesize.

6. file_uploads

Enable/disable file uploads via PHP.

• Example: file_uploads = On
• Must be On for WordPress Media Library.

7. max_file_uploads

Maximum number of files per upload request.

• Example: max_file_uploads = 20
• Increase for bulk media uploads.

8. default_charset

Default character encoding.

• Example: default_charset = "UTF-8"
• Always UTF-8 for WordPress.

9. display_errors / log_errors

Error reporting/logging.

• display_errors = Off in production
• log_errors = On, set error_log file path

10. session.save_path

Where PHP session data is stored.

• Example: session.save_path = "/tmp"
• For high-load sites: use fast local storage or Redis/Memcached.

11. date.timezone

Server time zone for PHP.

• Example: date.timezone = "Europe/Berlin"
• Should match your main audience/WordPress setting.

12. opcache.enable

Enables PHP bytecode caching.

• Example: opcache.enable = 1
• Strongly recommended for speed.

13. expose_php

Whether PHP version is shown in HTTP headers.

• Example: expose_php = Off
• Turn off for security.

14. disable_functions

Block dangerous PHP functions.

• Example: disable_functions = exec,passthru,shell_exec,system
• Reduces attack surface.

Example php.ini for WordPress + BotBlocker

memory_limit = 256M
max_execution_time = 60
max_input_time = 60
upload_max_filesize = 32M
post_max_size = 32M
file_uploads = On
max_file_uploads = 20
default_charset = "UTF-8"
display_errors = Off
log_errors = On
error_log = /var/log/php_errors.log
session.save_path = "/tmp"
date.timezone = "Europe/Berlin"
opcache.enable = 1
expose_php = Off
disable_functions = exec,passthru,shell_exec,system

How to Check and Change These Variables

• WordPress: Use plugins like “Site Health” or “WP Server Info” to view limits.
• Hosting panels: Most (cPanel, ISPmanager, Plesk) let you edit PHP variables.
• phpinfo(): Upload a file with <?php phpinfo(); ?> for full list.

Best Practices for WordPress and BotBlocker

• Raise memory and timeout values for large sites or when using heavy plugins like WooCommerce, analytics, or imports.
• Keep display_errors off in production – show errors only in development.
• Enable opcache for real speed improvements.
• Disable dangerous functions unless required by a plugin.

FAQ

Do I need to restart the server after changing php.ini?
Yes, for FPM or Apache modules – reload or restart PHP/Apache/Nginx.

Why does WordPress say “allowed memory size exhausted”?
Increase memory_limit.

Why can’t I upload large files?
Raise both upload_max_filesize and post_max_size.

PHP configuration: Official documentation

Nginx web server

Comparison of Nginx and Apache