The phpinfo() function lists your php.ini variables so that you can scan them for insecure settings. Keep this page in a restricted place and do not allow public access to it. The output of phpinfo() contains information that a potential hacker might find extremely useful.

Code:
<?php phpinfo();

Some settings to consider when configuring PHP for security include:

  1. register_globals: Set this to "off". When it is on, it exports all user input as global variables.
  2. safe_mode: The safe mode setting can be very useful to prevent unauthorized access.
  3. disable_functions: This setting can only be set in your php.ini file, not at runtime. It can be set to a list of functions that you would like disabled in your PHP installation. It can help prevent the possible execution of harmful PHP code. Some functions that are useful to disable if you do not use them are system and exec, which allow the execution of external programs.
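
The three settings above can also be checked from the command line, without publishing phpinfo() output. The script below is an added example, not code from the original page; the function names ini_flag_on and audit_php_settings are hypothetical, and it uses plain syntax so that it also runs on older PHP installations.

```php
<?php
// Added example (not from the original page): audit the directives discussed
// above from the command line instead of publishing phpinfo() output.

// Refuse to answer web requests so findings are never served to visitors.
if (PHP_SAPI !== 'cli') {
    header('HTTP/1.1 403 Forbidden');
    exit;
}

// True when a php.ini flag value means "on" ("1", "On", "yes", "true").
function ini_flag_on($value)
{
    return filter_var($value, FILTER_VALIDATE_BOOLEAN);
}

// $must_disable: functions expected in disable_functions (the page names
// system and exec; extend the list with anything else you do not use).
function audit_php_settings($must_disable = array('system', 'exec'))
{
    $findings = array();

    // ini_get() returns false when the directive does not exist in this PHP.
    $rg = ini_get('register_globals');
    if ($rg !== false && ini_flag_on($rg)) {
        $findings[] = 'register_globals is on; set it to Off in php.ini';
    }
    $sm = ini_get('safe_mode');
    if ($sm === false) {
        $findings[] = 'safe_mode does not exist in this PHP build';
    } elseif (!ini_flag_on($sm)) {
        $findings[] = 'safe_mode is off';
    }

    // disable_functions is a comma-separated list; compare case-insensitively.
    $raw = strtolower((string) ini_get('disable_functions'));
    $disabled = array_filter(array_map('trim', explode(',', $raw)), 'strlen');
    foreach ($must_disable as $fn) {
        if (!in_array(strtolower($fn), $disabled, true)) {
            $findings[] = "$fn() is not listed in disable_functions";
        }
    }
    return $findings;
}

$findings = audit_php_settings();
echo $findings ? implode(PHP_EOL, $findings) . PHP_EOL : "No findings" . PHP_EOL;
exit($findings ? 1 : 0);
```

The command-line PHP may load a different php.ini than the web server does; pass the server's file with php -c /path/to/php.ini (placeholder path) to audit the configuration that is actually served.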