exec() no longer permitted in PHP files?

  • updated
  • Answered
I use a backup service/plugin for WordPress in order to provide daily backups for several WordPress sites I have hosted through inMotion (VPS 1000). The backup service is called iControlWP.

Normally these backups run automatically without any problems. Yesterday I received an email with this error notice:

"Error: Your web hosting provider kills all PHP files that contain "exec()" without warning. We recommend that you contact your hosting provider regarding this issue."

This error is preventing the backup script from working. Is this a recent change on inMotion's part and is there any way to change/reset this behaviour on my own VPS?

  • Answered

Hi Ken,

Apologies for the problems with the backup issues! I looked into the issue and asked if there were any security updates that would affect PHP files with the exec() function, but there has been no such update. However, in looking at your Apache error log, I noticed quite a few Mod security errors for the Wordpress login page. Does your script attempt to login to the wordpress account before running? If so, current Modsec settings that are set to block the brute force attacks on WordPress installations may be affecting those attempted logins reading them (falsely) as an attack. This may be blocking the script in such a way that it looks like it's not allowing the exec() function to work.

Check out our article on locking down Wordpress logins using .htaccess. This may help if you setup the rule so that the backup script can login without being blocked (if that is truly the issue).

Was your backup script working before? Do they have an error log that might track when it stopped working? If you wish for our technical support team to investigate the matter further, you can submit a ticket using the AMP interface. They will be able the handle issue privately (as all posts here are public). Make sure to include your verification information should you email them (the last 4 digits of the credit card on the account or the Account Management Panel (AMP) password).

If you have any further questions or comments, please let us know.

Kindest regards,

Arnel C.