Escapeshellcmd() has been disabled for security reasons

Hello, few days ago I changed the hosting for my Kirby page, from DoDaddy to Neubox, and my mailer controller stopped working. This is the message I receive when I try to use the contact form in my page:

escapeshellcmd() has been disabled for security reasons

return function($kirby, $page) {

    if ($kirby->request()->is('POST') && get('submit')) {

        // initialize variables
        $alerts      = null;

        // check the honeypot
        if (empty(get('website')) === false) {

        // get the data and validate the other form fields
        $data = [
            'name'      => get('name'),
            'email'     => get('email'),
            'message'   => get('message')

        $rules = [
            'name'      => ['required', 'min' => 3],
            'email'     => ['required', 'email']

        $messages = [
            'name'      => 'Por favor escriba un nombre válido.',
            'email'     => 'Por favor escriba un correo válido.'

        // some of the data is invalid
        if ($invalid = invalid($data, $rules, $messages)) {
            $alerts = $invalid;

        // the data is fine, let's send the email
        if (empty($alerts)) {
            try {
                    'template' => 'email',
                    'from'     => '',
                    'to'       => '',
                    'subject'     => 'Contacto',
                    'data'        => [
                        'name'      => esc($data['name']),
                        'email'      => esc($data['email']),
                        'message'   => esc($data['message'])
            } catch (Exception $error) {
                $alerts[] = $error->getMessage();

            // no exception occurred, let's send a success message
            if (empty($alerts) === true) {
                // store reference and name in the session for use on the success page
                    'name' => esc($data['name'])
                // redirect to the success page

     // return data to template
    return [
        'alerts' => $alerts ?? null,
        'data'   => $data   ?? false,

Looks like your web hoster disabled the PHP function escapeshellcmd() on their servers. This is sometimes done citing security risks, and causes sending e-mails through PHP’s own mail() function (which your use of $kirby->email() invokes) to fail with above error.

To work around this, try using SMTP to send e-mail instead of the default configuration, as described here; you will have to find the correct SMTP server settings (and probably set up an SMTP account for sending) from your hoster.

1 Like


I encountered the exact same problem.

Perhaps @jahasielserna can share the settings that worked in their case?

Thank you

Hi @plagasul!

This solution worked for me. I just had to create an email account from which I could send emails.

Ah, I see, thank you.

May I ask where did you obtain host and port ?


They are given by your email provider, in my case it was zoho mail, which and port 465 is the standard port to use smtp securely.

1 Like

That did work :slight_smile:

1 Like