cPanel Hosting

Per-Domain PHP Settings via .htaccess and .user.ini

Overriding PHP settings for just one domain or directory using .user.ini or .htaccess - when each works, the syntax, and how it interacts with MultiPHP INI Editor.

6 min read

MultiPHP INI Editor changes PHP settings for ALL domains on your account using a given PHP version. Sometimes you want one specific domain — or even one directory — to have different settings. Two mechanisms handle this: .user.ini files and php_value directives in .htaccess. Which one works depends on the PHP handler (FPM vs Apache mod_php vs LSAPI). This guide covers both.

When to use per-domain overrides

  • One domain needs higher memory_limit — your e-commerce site needs 512M but you don’t want to set that globally.
  • One subdomain needs different upload limits — staging area lets bigger files; production restricts them.
  • Specific app needs an extension behavior tweaked — an old admin tool needs allow_url_fopen on while everything else has it off.
  • Different sites have different display_errors needs — dev subdomain shows errors, production hides them.

If you find yourself wanting these, per-domain overrides are the right tool.

.user.ini — the modern way

.user.ini is a small ini file you place in a directory. PHP reads it for requests handling files in that directory and any subdirectory. Works with PHP-FPM and LSAPI (the common modern handlers).

Creating .user.ini

  1. cPanel File Manager (turn on “Show Hidden Files” in settings).
  2. Navigate to your domain’s public_html (or its document root).
  3. Create a new file named exactly .user.ini (leading dot, no extension).
  4. Edit it; add settings, one per line, ini syntax.

Example contents

memory_limit = 512M
upload_max_filesize = 128M
post_max_size = 136M
max_execution_time = 300
max_input_vars = 5000

Save the file. Changes take effect on next request (with some delay — see propagation below).

What .user.ini can and can’t change

PHP categorizes ini directives by “changeability mode”:

  • PHP_INI_USER — Can be changed in .user.ini, .htaccess, or via ini_set() in code.
  • PHP_INI_PERDIR — Can be changed in .user.ini and .htaccess but NOT via ini_set().
  • PHP_INI_SYSTEM — Can ONLY be changed in the main php.ini (MultiPHP INI Editor). NOT changeable per-directory.

Most settings worth tuning (memory_limit, upload sizes, max_execution_time, max_input_vars, display_errors) are PHP_INI_PERDIR or PHP_INI_USER — work fine in .user.ini.

Things you CANNOT change via .user.ini:

  • disable_functions — PHP_INI_SYSTEM. Only main php.ini via MultiPHP INI Editor.
  • extension loading — load_extension / zend_extension directives. System level.
  • session.save_handler — System level.

Propagation delay

PHP doesn’t re-read .user.ini on every request — that’d be slow. Default is every 300 seconds (5 minutes). So changes can take up to 5 minutes to take effect.

To verify a change is active, create phpinfo and check the value after the wait window (delete the file after).

Scope of .user.ini

The file applies to PHP scripts in its directory AND all subdirectories. So public_html/.user.ini covers your whole site. public_html/admin/.user.ini covers just the admin area.

Multiple .user.ini files merge — child directories override parent values for directives both set.

.htaccess php_value directives

For sites running Apache with mod_php (older setup), .htaccess can also override PHP settings via php_value and php_flag:

php_value memory_limit 512M
php_value upload_max_filesize 128M
php_value post_max_size 136M
php_value max_execution_time 300
php_flag display_errors off

Two directive types:

  • php_value — for string/numeric values (memory_limit, upload_max_filesize, max_execution_time, etc.).
  • php_flag — for on/off boolean values (display_errors, allow_url_fopen, file_uploads, etc.).

The catch: handler must support it

These directives ONLY work with mod_php (Apache’s PHP module). They do NOT work with:

  • PHP-FPM (most modern cPanel setups) — php_value lines in .htaccess are ignored.
  • LSAPI (LiteSpeed with PHP) — ignored.
  • SuPHP / CGI — ignored.

On iWebVault servers running LiteSpeed (which is most of them), .htaccess php_value/php_flag are silently ignored. Use .user.ini instead.

If you’ve copied .htaccess from another host with mod_php and have php_value lines that don’t seem to take effect — that’s why. Convert to .user.ini.

Which handler are you on?

Easy way to tell: phpinfo. Top of the page shows “Server API”. Look for:

  • FPM/FastCGI — Use .user.ini.
  • LiteSpeed V7+ / LSAPI — Use .user.ini.
  • Apache 2.0 Handler (mod_php) — Use .htaccess php_value OR .user.ini.

On iWebVault, you’re nearly always on LiteSpeed/LSAPI or FPM. .user.ini is the reliable choice.

A combined real-world example

Scenario: your WooCommerce site needs 512M memory for product imports. Other domains on your account work fine with 256M. Solution: .user.ini in the WooCommerce site root only.

# public_html/woocommerce-site/.user.ini
memory_limit = 512M
upload_max_filesize = 128M
post_max_size = 136M
max_execution_time = 600
max_input_vars = 5000

Now WooCommerce gets generous limits without raising the floor for all your other sites.

Security note on .user.ini

Sites have been compromised by attackers uploading malicious .user.ini files (lowering security restrictions for their planted webshells). Mitigations:

  • Imunify360 scans for and flags suspicious .user.ini changes.
  • File integrity monitoring catches new .user.ini appearing.
  • disable_functions in system php.ini (PHP_INI_SYSTEM) can’t be overridden by .user.ini — that’s by design.

Lock your .user.ini permission to 644 (owner write, world read) — limits accidental modification.

Common questions

“Why doesn’t my .htaccess php_value line work?” You’re on FPM or LSAPI handler. Use .user.ini instead.

“My .user.ini doesn’t seem to work.” Three things to check: (1) PHP version uses a compatible handler (most modern setups do), (2) filename is exactly .user.ini (leading dot), (3) wait the propagation delay (up to 5 minutes), (4) verify via phpinfo, not by guessing.

“Can I disable functions via .user.ini?” No — disable_functions is PHP_INI_SYSTEM. Only main php.ini via MultiPHP INI Editor.

“My WordPress wp-config.php has WP_MEMORY_LIMIT — does that conflict with .user.ini?” WP_MEMORY_LIMIT only sets WordPress’s internal limit which can only be lower than PHP’s memory_limit. If .user.ini sets 512M and wp-config.php has WP_MEMORY_LIMIT = ‘256M’, WordPress respects 256M but the PHP runtime is 512M (so heavy plugins can grow beyond 256M).

“Do these settings persist across PHP version changes?” Yes — .user.ini is in your site files, independent of which PHP version processes them. If you switch from ea-php82 to ea-php83, .user.ini still applies.

What’s next

For per-domain PHP customization without affecting your other sites, .user.ini is the tool. Place it in the document root, list your overrides, wait 5 minutes, verify. Works on all modern cPanel handlers; outdated .htaccess php_value patterns from older hosts don’t.

Was this helpful?

Filed under htaccess php multiphp per-domain php php override user.ini
Marcus A. Chen
About the author

Marcus A. Chen

iWebVault Team — writing setup guides, tutorials and answers for offshore, anonymous and DMCA-ignored hosting customers.

188 KB articles Website ↗
Continue reading

More from the Knowledge Base

View all articles