So, just signed up for a VPS yesterday, moved site, and I've been snooping around the WHM to see what magical things I can do now which I couldn't do on shared hosting. I remembered one php setting that I was warned about a couple of years ago when our site (which runs on mambo&smf) got hacked. One of the people from the smf team warned me back then that if open_basedir is not defined in php.ini, it makes remote file execution hacks possible. My host didn't want to change that, so I just lived with it. But now we're on a VPS, and I have access to my php.ini file. I'm wondering if I should enter something into the open_basedir setting. If I do, what directory should I point it to? And, in general, what do more experienced php users here think of that, is it a wise idea?