So I'm about to open a hosting website, and will be letting the users use PHP and MySQL on my server. Since I will be allowing users to host their PHP code on this server I would like to make sure everyone's site is secure from hack attempts. Below is a list of what I've done so far to make it secure. Please tell me if this is enough to stop hacking, or if I need to add additional security.
1. Enabled disable_functions in php.ini with (NOTE: ini_set is not disabled)
disable_functions = "apache_child_terminate, apache_setenv,
define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec,
fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput,
ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all,
ini_restore, inject_code, openlog, passthru, php_uname,
phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode,
phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo,
posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname,
proc_close, proc_get_status, proc_nice, proc_open, proc_terminate,
shell_exec, syslog, system, xmlrpc_entity_decode,mysql_select_db"
2. Used ini_set() in a header PHP code to set open_basedir to the user's website directory
3. Put a string of 7 random characters as the password for my MySQL database to protect it
4. I will create a new user account on MySQL for every user