For any PHP based applications like WordPress, Drupal and Joomla, security can be regarded as one of the top issues. To guarantee a worry-free and hacking-free environment, many hosting providers make use of the latest advanced technologies, among which the suPHP is the most popular and useful one.
As beginners might feel confused about this term, we’d like to come out a detailed introduction about it, telling our readers why it is needed within the hosting package.
What is suPHP?
To put it simply, suPHP is a powerful tool that is developed to execute PHP scripts with the permission of script owners, providing a solid layer of protection on web servers. Besides, it also can act as a special program that decides who can access which files.
Designed making use of the Apache module of mod_suphp and a setuid root binary, suPHP has been updated uninterruptedly for a higher level of security. At present, the latest version of suPHP is 0.7.2. This new release can fix a security issue that affects the source-highlighting feature and can only be exploited with the setting of suPHP_PHP Path option.
So far, almost all the leading hosting companies have included this feature into their services due to the strong protection that suPHP can offer.
How suPHP Works?
Due to the fact that most PHP scripts are running under “Nobody”, anyone within the same Apache server can open a specific file permission to 0777 for content reading, writing, and execution. To be honest, this can undoubtedly cause a security risk as malicious hackers can easily manipulate the files and access your entire site depending on that file to make some breakages.
In this case, suPHP is needed to deal with this plight, for it can stop PHP application from running using the server’s default shared username, but running with the authentication of the specific user instead.
Why Need suPHP?
The major function of suPHP is to achieve a safe and secure environment. In fact, it can also make the PHP applications user-friendly. Generally, the tools or templates uploaded and installed on a non-suphp server are owned by “Nobody”, meaning that users cannot edit and modify them manually or even delete their accounts. On the contrary, if this is a suPHP enabled website, then all of these files can be controlled and manipulated by the account holders or owners.
In addition, as the 0777 permission gives hackers access to upload bad files into your website, suPHP doesn’t require it, which increases the level of security to a large extent. If anyone tries to enter your folders or files with the help of 0777 permission, suPHP will display an error message.
Where to Find It?
According to suphp.org, people can download the version 0.7.2 of suPHP freely and easily. However, the installation process of this tool is very complicated and requires advanced knowledge. In this case, selecting a hosting plan like BlueHost, Arvixe, and InMotion that comes with suPHP is a great option as you can take advantage of it with ease.