The open_basedir restriction in effect warning is a PHP security feature that prevents scripts from accessing files outside your account directory. It protects you and other users on the server from unauthorized file access. This guide explains why it happens and how to fix it.
Accessing Your Site via Server Hostname
This error most often occurs when you access your site using the server URL (https://serverXX.ultrawebhosting.com/~username) instead of your domain name. Access your site via your actual domain name and the error typically resolves.
01. What This Error Means
The open_basedir directive restricts PHP to only access files within your account's directory tree (/home/yourusername/). If a PHP script tries to read, write, or include a file outside this path, PHP blocks it and shows this warning.
This is a security feature, not a bug. On shared hosting, it prevents one account from accessing another account's files.
02. Common Causes and Fixes
Using the Server Hostname URL
If you're accessing your site via https://serverXX.ultrawebhosting.com/~username, switch to using your actual domain name. The server hostname URL can trigger path mismatches that cause this error.
Hardcoded Absolute Paths
If your script has a hardcoded path like /var/www/html/ or /home/oldusername/ from a previous host, update it to your current account path. Find your home directory path in cPanel > Server Information, or use PHP's $_SERVER['DOCUMENT_ROOT'] for portable paths.
Plugin or Theme Accessing Outside Paths
WordPress plugins or themes sometimes attempt to access /tmp/ or other system directories directly. Your account has its own /home/yourusername/tmp/ directory. If a plugin hardcodes /tmp/, it may need a configuration update or the developer may need to fix the path.
Session Save Path
If the error references session files, your PHP session save path may point outside your home directory. You can set it in .htaccess:
php_value session.save_path /home/yourusername/tmpTo see your current open_basedir setting, check your phpinfo output. Create a file with <?php phpinfo(); ?> and search for "open_basedir" in the output. Delete the file when done.
Still Getting This Error?
If you've checked the paths and the error persists, open a ticket with the full error message. We can check the server-side configuration and adjust the open_basedir path for your account if needed.
Open a Support TicketQuick Recap
- Use your domain name - not the server hostname URL
- Check hardcoded paths - update any paths from a previous host
- Use relative or dynamic paths -
$_SERVER['DOCUMENT_ROOT']instead of absolute paths - Session path - set to your account tmp directory if needed
- Contact support - if the path restriction needs adjusting
Last updated March 2026 · Browse all PHP/MariaDB/MySQL articles
