Hosting Tutorial & Guide

What Is suPHP? Why Use It?

updated on Aug 14, 2017
What Is suPHP? Why Use It? As security is always a top concern for running websites, suPHP is attached more and more emphasises and importance by a large number of webmasters. Especially for many PHP-based applications like Joomla, PrestaShop, Drupal| or more, suPHP can be an indispensable element for safely running them away from any malicious virus attacks.

But for many new beginners who know little about the cyber terms, they have puzzlements about what is suPHP on earth and why it is a necessary factor for creating a safe environment for websites. Thus, we put an elaborate tutorial to give clear explanation and direction on what is suPHP and why it is needed.

What is suPHP?

What Is suPHP As a tool for carrying out PHP scripts, suPHP needs the permissions of the script owners or a program with access to certain files and it runs the scripts as a user rather than the "Nobody" user. It means that suPHP is needed to be run in the application if some files will be uploaded in the CMS. And it consists of a setuid root binary and an Apache module which work to change the process's uid in executing the PHP interpreter.

Additionally, by using suPHP without the permission of 777 to write, read and execute all categories, the "Nobody" user can be avoided so as to any potential risk of unknown manipulation or management can be eliminated.

What's more, the suPHP 0.7.2, 0.7.1 as well as 0.7.0 have been newly released and they all made to fix some security-related issues and bugs on the operating environment. To be specific, the newest version of 0.7.2 fixes the security issue and users are able to edit or create .htaccess files to execute the arbitrary code with the individual privileges of the user.

There is one demerit that when it is called every time and inevitably processes the uploaded files, suPHP couldn't use any OPCode caching which directly causes higher usage of the CPU in the application. For users utilizing WordPress on the low-end VPS or other server, this mentioned configuration can be easily finished with overpassing the CPU limits.

How suPHP Works?

Due to the fact that most PHP scripts are running under “Nobody”, anyone within the same Apache server can open a specific file permission to 0777 for content reading, writing, and execution. To be honest, this can undoubtedly cause a security risk as malicious hackers can easily manipulate the files and access your entire site depending on that file to make some breakages.

In this case, suPHP is needed to deal with this plight, for it can stop PHP application from running using the server’s default shared username, but running with the authentication of the specific user instead.

Why use suPHP?

Why Use suPHP In a word, suPHP is of great importance to ensure a safe environment for running applications and to make PHP-based applications such as Drupal more user-friendly. To be specific, users install or upload any template via Drupal without suPHP, their template files can be edited or deleted by any user at random. But for scripts equipped with a suPHP server, their template files are owned by the account holder and admin user.

Moreover, as most of the third party applications ask for some certain folders to have the permissions of 777, hackers with the 777 permission are able to upload malicious files into user's account which probably affects the security of the files. As to suPHP users, there is no need to have the 777 permissions and an automated error message will appear when somebody tries to approach the file through 777 permissions.

Where and How to Download suPHP?

Users who are confused about where and how to download suPHP to use are able to click to scan the dedicatedly-made download tutorials and solutions on the homepage. It is obvious that the installation of suPHP is complicated and needs related professional knowledge, so a powerful web host willing to help is rather necessary.

Thus, we have done an overall research for a long time and at length selected those high-quality and trust-worthy suPHP-based hosting plans as following.