Support » Fixing WordPress » fopen() has been disabled for security reasons

  • Hi

    Sorry in advance for the long post.

    My web host company said they did this:
    We have disabled the allow_url_fopen PHP config variable in php.ini. The effect of this is that files residing on foreign webservers cannot be opened as if they are files residing on our webserver.

    An example of this is the fopen command. The fopen command opens a file so it can be read from or written to. Normally you would call it like this:

    fopen(“fun.txt”, “r”);

    That would open fun.txt on our server. However, prior to disabling allow_url_fopen, it could also be called like this:

    fopen(“”, “r”);

    Disabling this makes us more secure as malicious code residing on foreign webservers can’t be inserted into an insecure PHP document on our server.

    I have upgraded to WordPress 2.1.2 and still get the error below when trying to edit any theme (the default, another one i downloaded) on my site – by the way I am in Australia and so is my host company.

    There are two errors:
    Warning: fopen() has been disabled for security reasons in /home/laurence/public_html/wordpress/wp-admin/theme-editor.php on line 73

    Warning: fread(): supplied argument is not a valid stream resource in /home/laurence/public_html/wordpress/wp-admin/theme-editor.php on line 74

    In reponse to my help desk query, the web host company says:
    To edit your site you really should not need fopen !
    All other WordPress sites are working fine on our servers.

    So what am I to do? Is there another setting in WordPress I have missed, is this a web host company issue or mine?

    I’m not really up with PHP so I’m not sure what my next course of action should be.

    Can someone please advise me?


Viewing 4 replies - 1 through 4 (of 4 total)
  • whooami



    what you do is download the theme file you want to edit, make the change in a text editor, save the changed file, and upload it.

    Umm, judging from your error messages your Host has not only disabled allow_url_fopen, but fopen completely (in the php.ini, see Either get them to enable fopen for local files again or find a better host. Personally I would opt for the latter, if only for the reason that they either are clueless about PHP or lie to there customers about how they configured PHP.

    Find a better host. There are hundreds out there that welcome WordPress installations.




    disallowing fopen doesnt mean a host isnt wordpress friendly. It means they’re security conscious.

    the fact that a user cant edit a theme in the backend is hardly an earth shattering event, and doesnt break any WP installation that I know of.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘fopen() has been disabled for security reasons’ is closed to new replies.