phpinfo(); | How to create and run an info.php file

phpinfo(); | How to create and run an info.php file

artistic clockwork diagram

Imagine having a secret key that unlocks a treasure chest of information about your WordPress site. This key would allow you to optimize performance, bolster security, and even troubleshoot issues. Sounds like a dream, right? Well, it’s not. The phpinfo() function in PHP is that key. In this article, we’ll delve into the depths of phpinfo(), exploring its functionalities and how you can leverage it to improve your WordPress site.

TL;DR What is PHPINFO()?

The phpinfo() function is a built-in function in PHP that provides comprehensive details about your PHP configuration. It is instrumental in identifying server vulnerabilities and optimizing your WordPress site’s performance.

Understanding the phpinfo() Function

Think of the phpinfo() function as a digital detective. It’s like the Sherlock Holmes of PHP, unearthing intricate details about your server’s PHP configuration. Whether you’re a seasoned developer or a beginner in the expansive world of WordPress, phpinfo() is an invaluable tool to have in your toolkit.

The phpinfo() function is a built-in function in PHP that provides a wealth of information about your PHP configuration, similar to a detailed map revealing everything from the PHP version you’re running to the server environment and the specifics of your PHP modules.

Why is this information essential, you ask? This function is a boon when it comes to identifying server vulnerabilities. As we’re all aware, server security is of utmost importance, and the phpinfo() function can help you spot potential server vulnerabilities before they escalate into major issues.

Additionally, the phpinfo() function allows you to use different parameters to fetch specific information. For instance, you can use phpinfo(INFO_MODULES) to get information about all the loaded modules.

In essence, the phpinfo() function provides comprehensive PHP configuration details all in one place. It plays a proactive role in server security and is a lifesaver when you’re knee-deep in debugging issues.

Creating a phpinfo Page info.php

With a clear understanding of phpinfo(), let’s roll up our sleeves and create a phpinfo page in WordPress. Here’s a step-by-step guide to assist you:

  1. Create a new file and name it info.php.
  2. Write the following line of code in this file:
<?php phpinfo(); ?>
  1. Save the file and upload it to the root directory of your server using FTP.

To access your new phpinfo page, simply type in your website’s domain followed by /info.php in your web browser. And there you have it! You’ve successfully created a phpinfo page.

Decoding the phpinfo() Output

The phpinfo() function provides a detailed overview of your server’s PHP configuration. But what do these details mean, and why are they important? Let’s decode the output:

  • PHP Version: This section provides the version of PHP installed on your server. Keeping your PHP version up-to-date is crucial for security and performance.

  • Server API: This tells you the interface between the web server and PHP.

  • Loaded Configuration File: This shows the path to the php.ini file currently in use. This file contains all the PHP configuration options for your server.

  • Loaded Extensions: This section lists all the PHP extensions loaded on your server. Extensions add functionality to PHP.

Understanding these details can help you fine-tune your PHP configuration for optimal performance and security.

Securing Your phpinfo Page

While the phpinfo page is immensely useful, it’s essential to address its security aspect. This page contains sensitive information about your server that could be exploited by malicious hackers. Therefore, once you’re done using your phpinfo page, ensure to delete it or rename it.

If you’d like to keep this page around permanently, you should take other steps to secure it. Let’s explore two methods to achieve this: Basic Authentication and IP Restriction.

  1. Basic Authentication: This is a method wherein you set up a user-name and password combination that prompts whenever someone attempts to access your phpinfo page. While how to configure basic authentication falls outside the purview of this article, you can easily set it up in Apache using .htaccess configuration file. There are many resources available online that can guide you to do it.

  2. IP Restriction: A more secure but restrictive method is to limit access to a certain IP address or addresses. This means only requests coming from these addresses will be able to access your phpinfo page. This level of restriction can be set up on server level but also inside your PHP code as follows:

$allowed_ip = '';  //replace with your IP address
if ($_SERVER['REMOTE_ADDR'] != $allowed_ip) {
    die('You are not authorized to view this page');

In this code snippet, access is granted only to the user with the IP address ‘’ and everyone else will be denied. To find out what your current public IP address is, you can visit a website like to retrieve it.

Do remember that these measures simply add a layer of protection and don’t replace the need for overall server security best practices. Balancing accessibility with security is key to maintaining your site’s integrity.

Remember, while the phpinfo page is a mighty tool, it’s crucial to balance its utility and maintain site security.

Managing Multiple PHP Configurations

In an ideal world, we would have just one PHP configuration to deal with. However, you might encounter multiple PHP configurations in reality. These can significantly impact your WordPress site, and not always positively.

For example, you might have different PHP versions running on your local machine and your live server. Or you may have different php.ini files for your command-line interface and your web interface. These discrepancies can lead to issues, from broken features to complete site failure.

Our trusty phpinfo() function sheds light on these multiple configurations, allowing you to navigate them seamlessly. By understanding these multiple configurations, you can adjust your settings for optimal site performance and robust security.

The Double-edged Sword of the phpinfo() Function

The phpinfo() function, while incredibly helpful, should be used responsibly. It’s a double-edged sword – it can help you optimize your WordPress site, but if mismanaged, it can also expose your server to potential security risks.

The phpinfo() function displays all EGPCS (Environment, GET, POST, Cookie, Server) data, providing invaluable insights when debugging your WordPress site. You can see your PHP environment variables, values of PHP configuration options, and much more.

However, the information revealed by the phpinfo() function can also be a goldmine for hackers if not handled properly. This is why it’s crucial to ensure that the phpinfo page is removed or made inaccessible once you’re done using it.

Understanding multiple PHP configurations is more than just good practice – it’s critical for the optimal performance and security of your WordPress site.

In Conclusion

We’ve covered a lot of ground today, from exploring the phpinfo() function to creating a phpinfo page and navigating multiple PHP configurations. The phpinfo() function is indeed a powerful tool in the WordPress developer’s toolkit, instrumental in optimizing performance and enhancing security.

So, how do you create a phpinfo page in WordPress? Just create a info.php file with the phpinfo() function, upload it to your server via FTP, and access it by appending /info.php to your site’s domain. But remember, always delete or rename this page after use to maintain your server’s security.

This guide is particularly beneficial for users of dedicated servers. They require an in-depth understanding of their server’s PHP configuration for optimal performance and security, and this guide provides exactly that.

Remember, mastering WordPress is not a destination, it’s a journey. So keep exploring, keep learning, and keep mastering!