(allow_url_fopen and allow_url_include)

Set reasonable resource maximums (upload_max_filesize and memory_limit)

Leverage the disable_functions directive to block dangerous functions: exec, passthru, shell_exec, system, proc_open, popen, parse_ini_file, show_source, eval, create_function
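An added example, not from the original page: a small Python audit that checks a php.ini file against the directives listed above and reports each gap. The size ceilings, the sample file and the helper names are assumptions made for illustration; eval is not checked because it is a language construct, which disable_functions cannot block.

```python
import re
# Functions the page lists for disable_functions. eval is left out of the check:
# it is a language construct, so disable_functions has no effect on it.
DANGEROUS = {"exec", "passthru", "shell_exec", "system", "proc_open", "popen",
             "parse_ini_file", "show_source", "create_function"}
OFF = {"0", "off", "false", "no", "none", ""}
# Assumed ceilings for "reasonable"; tune them per application.
LIMITS = {"upload_max_filesize": 10 * 2**20, "memory_limit": 256 * 2**20}
# PHP's built-in defaults, used when php.ini does not set a directive.
DEFAULTS = {"allow_url_fopen": "1", "allow_url_include": "0",
            "upload_max_filesize": "2M", "memory_limit": "128M",
            "disable_functions": ""}
# Constructed sample input, not taken from a real server.
SAMPLE = """[PHP]
allow_url_fopen = On
allow_url_include = Off   ; already the default
upload_max_filesize = 2G
memory_limit = -1
disable_functions = exec,passthru, shell_exec,system
"""

def parse_ini(text):
    """Return {directive: value}; ';' comments dropped, last assignment wins."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"([\w.]+)\s*=\s*(.*)$", line.split(";", 1)[0].strip())
        if m:
            conf[m.group(1).lower()] = m.group(2).strip().strip('"')
    return conf

def to_bytes(value):
    """Convert PHP shorthand (512K, 128M, 2G) to bytes; None if unparsable."""
    m = re.fullmatch(r"(-?\d+)\s*([KMG]?)", value.strip(), re.I)
    return int(m.group(1)) * 1024 ** " KMG".index(m.group(2).upper() or " ") if m else None

def audit(text):
    conf = {**DEFAULTS, **parse_ini(text)}
    findings = [f"{k} is enabled" for k in ("allow_url_fopen", "allow_url_include")
                if conf[k].lower() not in OFF]
    for key, ceiling in LIMITS.items():
        size = to_bytes(conf[key])
        if size is None or size < 0 or size > ceiling:   # -1 means unlimited
            findings.append(f"{key}={conf[key]} is unlimited or above {ceiling} bytes")
    disabled = {f.strip().lower() for f in conf["disable_functions"].split(",")}
    missing = sorted(DANGEROUS - disabled)
    return findings + (["disable_functions is missing: " + ", ".join(missing)] if missing else [])

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

This reads the file as written on disk, so confirm the result against the running configuration as well, since other ini files and per-directory overrides can change the effective values.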