How to turn off PHP register_globals

Posted by on Apr 13, 2013 in How To, Troubleshooting

PHP register_globals is a PHP environment setting.
The listed requirements for this plugin indicate PHP register_globals and safe_mode MUST be set to “Off”. WordPress does not want or need register_globals setting turned on and many security experts recommend it should always be set to “off”. PHP register_globals is a security risk and should be turned “off”.

Having PHP register_globals “on” will cause problems with the CAPTCHA where it will always return “That CAPTCHA was incorrect. Try again.” If you turn register_globals off, the form should start working properly.

How to tell if PHP register_globals is on or off?
Install the WordPress plugin WP-ServerInfo. Look on the Admin Dashboard in WordPress for the Server Information widget. Click on “View All”, then click “Display PHP Information”. Inside the “Core” colum, look for “register_globals”, it should display “Off” in both columns. If it is on, continue below to turn it off.

How to disable/turn off register_globals for PHP
If you are uncomfortable making server setting changes, then contact your web host to ask them to turn it off.

Method 1: The .htaccess file
The .htaccess file in your web site root directory is for controlling the search engine friendly URLs. This file can be used for a variety of server related things, and some web hosts will allow you to define PHP settings through them. WordPress may already have one and have some settings in there such as for the permalinks feature.
Note: If you already have one there, edit it instead of making a new one. Back it up before making changes in case you need to revert them

Make a new file in a text editor, such as Windows Notepad (but not a “rich text editor” like MS Word), edit the original or create a new document with the following contents:

php_flag register_globals off

Then FTP upload it your web site root folder and rename it .htaccess
Check if PHP register_globals is now “Off”.
If that still doesn’t work or generates a 500 Internal Server Error then you’ll have to revert the changes you just made, then contact your web host to ask them to turn it off.

Method 2: The php.ini file
The php.ini file in your web site root directory can be used for a variety of server related things, and some web hosts will allow you to define PHP settings through it. Your server may already have one and have some settings in there.
Note: If you already have one there, edit it instead of making a new one. Back it up before making changes in case you need to revert them

In a text editor, such as Windows Notepad (but not a “rich text editor” like MS Word), edit the original or create a new document with the following contents:

[PHP]
register_globals=0;
Now save the file as php.ini and upload it to the base directory of your website.

Check if PHP register_globals is now “Off”
If that still doesn’t work or generates a 500 Internal Server Error then you’ll have to revert the changes you just made, then contact your web host to ask them to turn it off.

Do you need help?

Send us a Donation:

Donate to Mike Challis