One can prevent potential remote code execution by disabling functions rarely used in a production environment by setting disable_functions directive in php.iniegdisable_functions = eval,exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source,highlight_file