为了防止用户在 .htaccess 文件中设置 PHP 配置值，不要在他们的虚拟主机上授予 AllowOverride Options 权限.

To prevent users setting PHP config values in .htaccess files, do not give AllowOverride Options permissions on their virtual hosts.

或者，将 PHP 安装为 CGI 而不是 Apache 模块，因为 CGI 版本不受 .htaccess 文件的影响.但是，从 PHP 5.3.0 开始，PHP CGI 会解析每个目录的 php.ini 文件.我不知道有什么方法可以关闭此功能.

Alternatively, install PHP as CGI instead of as an Apache module, as the CGI version is unaffected by .htaccess files. However, since PHP 5.3.0, PHP CGI does parse per-directory php.ini files. I am not aware of a method that turns this off.

我刚刚在最新的默认 php.ini 中看到了这个:

I've just seen this in the latest default php.ini:

; Directives following the section heading [PATH=/www/mysite] only
; apply to PHP files in the /www/mysite directory.  Directives
; following the section heading [HOST=www.example.com] only apply to
; PHP files served from www.example.com.  Directives set in these
; special sections cannot be overridden by user-defined INI files or
; at runtime. Currently, [PATH=] and [HOST=] sections only work under
; CGI/FastCGI.
; http://php.net/ini.sections

因此，如果您在主 php.ini 中的每个目录标题下放置指令，则它们不能被覆盖.但是，缺点是您必须为每个虚拟主机执行此操作，因此在有很多虚拟主机或经常添加新主机的环境中，它将成为 PITA.

So if you put directives in your main php.ini under per-directory headings they cannot be overridden. However, the downside is that you'll have to do this for every virtual host so it'll be a PITA in environments where there are many or where new ones are frequently added.

再次

进一步阅读揭示了这一点:

Further reading has revealed this:

; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
;user_ini.filename = ".user.ini"
; To disable this feature set this option to empty value
;user_ini.filename =

所以只需取消最后一行的注释即可禁用每个用户的 ini 文件.:-)

So just uncomment that last line to disable per-user ini files. :-)