Drupal 7 PHP requirements

Last updated on
4 January 2018

This documentation is incomplete. Add more information.

Below you will find some more detailed notes regarding the PHP requirements for Drupal 7. Individual modules may have specific requirements and configurations needed; please double check module documentation as well.

For information on Drupal 8, see the Drupal 8 PHP requirements.

On this page:

PHP version required and supported

This table shows how each Drupal version requires and supports the various versions of PHP. If you have selected a particular Drupal version and want to select the best PHP version to use with it, read the column for that Drupal version upwards from the bottom. If you have a particular PHP version and want to know which Drupal version will work the best with it, read left to right along the row for that PHP version.

PHP version Drupal 7
4.4 no
5.0 no
5.2 5.2.5+ (*)
5.3 yes
5.4 yes (minimum recommended)
5.5 yes
5.6 yes
7 yes (**)

(*) For Drupal 7, versions of PHP 5.2.4 that include backported security patches also meet the requirements. The PHP version included with Ubuntu 8.04 is the most common example of this.
(**) Because PHP 7 is the newest release, extra care should still be taken with it. See the Drupal 7.50 release notes and the PHP 7 discussion for more details. However anecdotal evidence from a variety of users suggests that Drupal 7 can be successfully used on PHP 7, both before and after the 7.50 release.

File and folder permissions

Drupal and PHP should have read and write access to the /sites/default/files directory. This area is used to store cached files (compressed CSS and JavaScript) and any file uploads through the Drupal interface. The exact permissions of this directory depend on how your PHP installation is configured. Generally speaking, read-write-execute for all, nobody user, (777) is not recommended as a security risk. PHP can be run under as the specific user account on the server using suPHP rather than a generic user (www) or nobody.

PHP configuration settings

Required PHP configuration settings

PHP needs the following configuration directives for Drupal to work (only directives that differ from the default php.ini-development / php.ini-production):

  • error_reporting set to E_ALL & ~E_NOTICE. Work is ongoing to change this to E_ALL for Drupal 7.
  • safe_mode: off. Safe mode may interfere with file and image uploads. This is applicable for only for PHP version's below 5.3.0, as of PHP 5.4.0 Safe Mode has been removed
  • Tokenizer functions require the tokenizer extension to be enabled. (Read more #357970: Undefined function token_get_all)

Setting: session.cache_limiter = nocache

Setting: session.auto_start = 0

Setting: expose_php = off
Reason: Shows current PHP version in all header requests, security disclosure, see here
Example: X-Powered-By: PHP/5.3.8

Setting: allow_url_fopen = off
Reason: This is a security issue: see here

Setting: magic_quotes_gpc = off
Reason: Forces quotes in variables - This feature has been deprecated as of PHP 5.3.0 and removed as of PHP 5.4.0.

Setting: register_globals = off
Reason: Security issue - having this enabled subjects PHP variables to input from any source:
This feature has been deprecated as of PHP 5.3.0 and removed as of PHP 5.4.0.

Setting: display_errors = Off
Reason: Hides errors output to display (website) we want to send to log file instead.

Memory requirements

PHP memory requirements can vary significantly depending on the modules in use on your site. Drupal 7 core requires 32MB.

Warning messages will be shown if the PHP configuration does not meet these requirements. However, while these values may be sufficient for a default Drupal installation, a production site with a number of commonly used modules enabled could require more memory. Typically 128 MB or 256 MB are found in production systems. Some installations may require much more, especially with media-rich implementations. If you are using a hosting service it is important to verify that your host can provide sufficient memory for the set of modules you are deploying or may deploy in the future. (See the Increase PHP memory limit page in the Troubleshooting FAQ for additional information on modifying the PHP memory limit.)

Enable caching

Within the Drupal interface, it is highly recommended that caching be enabled under admin/config/development/performance. This will help increase the performance of your Drupal installation and the end user experience. For more details see Caching to improve performance.


Database extensions

The PHP extension for connecting to your chosen database must be installed and enabled. Drupal's currently supported database connectors are: mysql (the original MySQL extension), mysqli (an improved connector for newer MySQL installations), and pgsql (for PostgreSQL). Note: PHP 5.x no longer enables the mysql extension by default. Please read the links above for installing and enabling your chosen connector. 

XML extension

PHP XML extension (for Blog API, Drupal, and Ping modules). This extension is enabled by default in a standard PHP installation; the Windows version of PHP has built-in support for this extension. Enabling the XML extension also enables PHP DOM. DOM is now a systems requirement.

Image library

An image library for PHP such as the GD library is needed for image manipulation (resizing user pictures, image and imagecache modules). GD is included with PHP 4.3 and higher and usually enabled by default. GD is a required extension in Drupal 7 and later. ImageMagick is also supported for basic image manipulations in Drupal core but there is much less support from contributed modules.
If you have administrator rights on a Debian/Ubuntu server, and GD is not already available (see your phpinfo) it can usually be installed by running the following command:
sudo apt-get install php5-gd
or on Redhat/Centos:
sudo yum install php-gd
See the ImageMagick install instructions for your platform if you want that.


The PHP OpenSSL extension is recommended to allow Drupal to make outgoing requests using HTTPS. Some platforms provide a separate OpenSSL package, e.g. php55-openssl.

There is also ongoing work to make Drupal core's Update Manager module check for updates using HTTPS, which would make this an even stronger recommendation or possibly a requirement. See #1538118: Update status does not verify the identity or authenticity of the release history URL and https://groups.drupal.org/node/506128.


Drupal 7 and 8 require PHP compiled with JSON. JSON support is normally compiled as part of PHP core, but in case you're getting errors like PHP Fatal error: Call to undefined function Drupal\\Component\\Serialization\\json_encode() in ... core/lib/Drupal/Component/Serialization/Json.php try adding the JSON extension.


The PHP cURL extension is required for the SimpleTest module in Drupal 7 and 8, as well as Aggregator and some contributed modules. Many Linux distributions and development stacks will have it enabled by default, but if your system doesn't, here are instructions on how to enable it for various platforms are below.

See also the installing PHP cURL instructions on the Drupal documentation.


The PHP mbstring extension provides multibyte specific string functions used for Drupal installation in other languages except English and also multilingual sites in Drupal. It helps deal with multibyte encodings in PHP and also handles Unicode based encodign like UTF-8 or UCS-2.

can be installed in Linux systems depending on OS, eg: for Debian based system:

sudo apt-get install php7.0-mbstring



Open C:/xampp/php/php.ini in a text editor.

Uncomment the extension=php_curl.dll line by removing the preceding ";".



Run sudo apt-get update && sudo apt-get install php5-curl.

If you need to enable it, run sudo php5enmod curl.


Recent versions of APC (apparently since 3.1.6) set 'Enable internal debugging in APC' as the default. This generates large numbers of PHP messages that can make diagnosing other problems more difficult. This option can be disabled during installation by explicitly entering no to the prompt - hitting 'enter' will enable the option in spite of the wording of the prompt.

Also, see Drupal 7-specific information relating to APC.

ssh extension

The ssh PECL extension is an optional add-on to your PHP setup. While it is not required for normal Drupal function, when absent, both the Add new module and Add new theme links in your drupal's administration will fail with the admittedly uninformative message:"Your server does not support installing modules and themes from this interface. "


.htaccess settings

Some of the memory settings are contained in the default .htaccess file that ships with Drupal, so you shouldn't need to set them explicitly. Note, however, that setting PHP configuration options from .htaccess only works under the following conditions:

  • With Apache (or a compatible web server)
  • If the .htaccess file is actually read, i.e. AllowOverride All in the main Apache configuration (usually httpd.conf) is enabled
  • If PHP is installed as an Apache module

In some shared hosting environments, access to these settings is restricted. If you cannot make these changes yourself, please ask your hosting provider to adjust them for you.

Other interfaces

See the PHP manual for how to change configuration settings for other interfaces to PHP.

Secure Random Number Generation

See discussion on Drupal 7 issue


If using xdebug:

Setting: xdebug.show_exception_trace = 0
Reason: Could cause Drupal's installer to crash

Setting: xdebug.max_nesting_level = 256
Reason: Using the default max_nesting_level of 100 (in xdebug versions < 2.3) causes some pages to crash.

PHP from different sources

Drupal is designed to work with PHP as distributed on php.net. Every effort is made to make it work with PHP versions from other sources but this is only done on a best effort basis. In particular, suhosin is known to break certain features; and some operating systems move core components into other packages.

PHP requirements details

See the phpinfo() page on Drupal.org to learn how to use phpinfo to get the details of your system. For example, phpinfo will tell you if you have a database already installed and what versions of PHP, MySQL, etc. your system is running. Phpinfo will also tell you what PHP variables are set as well as many other helpful things.

It is often possible to update to a newer version of PHP than ships with your Linux distribution. For RHEL, we recommend http://iuscommunity.org/Repos, and for Debian, http://www.dotdeb.org/.

On Debian libapache2-mod-php5filter may get installed in preference to libapache2-mod-php5 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709027). Unfortunately, the libapache2-mod-php5filter package has a bug which breaks Drupal (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709023). So, make sure you specify to use the libapache2-mod-php5 package instead.

  • Drupal 7 requires PHP 5.2.5 or higher (or PHP 5.2.4 with backported security patches, such as the version included with Ubuntu 8.04). PHP 5.4 or higher is recommended.
  • PHP Data Objects (PDO) must be activated for Drupal 7 to install and run correctly. Look in your php.ini. Uncomment (remove the leading semicolon) at line extension=php_pdo.dll, extension=php_pdo_mysql.dll. In Linux, these would be extension=pdo.so and extension=pdo_mysql.so. Some Linux distributions may have these extensions by default in files found in the conf.d folder (Ubuntu 12.04: /etc/php5/conf.d has pdo.ini and pdo_mysql.ini). If these lines are not there, you will need to add them. The PECL version of PDO is not compatible with Drupal 7 and cannot be used.
  • The Drupal 7 Update manager can install/update modules and themes via SSH if the required libraries have been installed on the server. If you have administrator rights on a Debian/Ubuntu server, and SSH is not already available (see your phpinfo) it can usually be installed by executing:
    apt-get install libssh2-php.
  • Drupal 7 may require the time parameter (max_execution_time) to be at least 30 seconds.
  • APC installation guides sometimes recommend setting apc.include_once_override=1. This causes Drupal 7 to fail (white screen, error 500) as reported in Do not enable apc.include_once_override.
  • The following PHP extensions are required for Drupal 7:
    $required_extensions = array( 'date', 'dom', 'filter', 'gd', 'hash', 'json', 'pcre', 'pdo', 'session', 'SimpleXML', 'SPL', 'xml', ); 

A shortlist based on above:

section d7
PHP version Min 5.2.5 – rec 5.5.4
core allow_url_fopen must be OFF or nonexistent
core display_errors off
core max_execution_time min 30 seconds
core expose_php must be OFF or nonexistent
core memory_limit 32MB
ctype ctype functions
cURL cURL support
cURL libSSH Version required for install update
date date/time support enabled
dom DOM/XML enabled
fileinfo fileinfo support
filter Input Validation and Filtering enabled
gd GD Support enabled
? magic_quotes_gpc must be OFF or nonexistent
? magic_quotes_runtime must be disabled or nonexistent
? safe_mode must be disabled or nonexistent
? register_globals must be OFF or nonexistent
hash hash support enabled
openssl openssl support enabled
json json support enabled
pcre PCRE (Perl Compatible Regular Expressions) Support enabled
pdo PHP Data Objects(PDO) (specific for your database)
pecl PECL version of PDO not compatible
session Session Support enabled
session session.auto_start 0
session session.cache_limiter nocache
SimpleXML Schema support enabled
SPL SPL support lots
Suhosin APC.include-once-override avoid
Tokenizer Tokenizer Support
XML XML Support enabled
XML XML Namespace Support enabled
Zend OPcache Opcode caching
Zend OPcache PHP 5.5+ opcache.save_comments
Zend OPcache PHP 5.5+ opcache.load_comments
MODULE TESTING memory_limit