Why can't I run shell_exec in LocalWP sites?

I’m trying to run shell_exec() in a LocalWP env. I can run pwd, but something as simple as ls returns NULL. I need to be able to shell_exec() because I’m building a security scanner that runs wpscan and returns the results.


Hi @tomstuurlui

What type of environment do you have set up? Are you using our preferred settings or do you have a custom build?

The preferred settings, just a simple single site, 3 plugins ACF, YoastSEO, Gravity Forms.

Have you tried using the full path to ls or wpscan, @tomstuurlui? For example:


Gives me the output I expect:

string(330) "index.php license.txt local-phpinfo.php local-xdebuginfo.php readme.html test.php wp-activate.php wp-admin wp-blog-header.php wp-comments-post.php wp-config-sample.php wp-config.php wp-content wp-cron.php wp-includes wp-links-opml.php wp-load.php wp-login.php wp-mail.php wp-settings.php wp-signup.php wp-trackback.php xmlrpc.php "

Local doesn’t prevent use of shell_exec() directly. Look at http://[yoursite].local/local-phpinfo.php and note that disable_functions is empty. But it does use a different PATH than the one you’d have access to as a regular shell user.

If you ever need to see why a command in shell_exec is failing, you can redirect error output so it becomes visible:

var_dump(shell_exec('ls 2>&1'));

If I put that in test.php and visit http://[mysite].local/test.php, it gives me:

string(26) "sh: ls: command not found "

Confirming that PHP can’t find ls when running under nginx.

1 Like

This topic was automatically closed 36 hours after the last reply. New replies are no longer allowed.