What is the difference between suPHP and “regular” PHP?
Our regular installation of PHP has always run as the user “nobody” (a fact that often causes issues with temporary files and caches created by the webserver) and does not require the execute flag to run. This inherently creates a security risk that may allow other users to alter/view your files in certain circumstances.
suPHP fixes some of these problems because it requires all PHP scripts to run with the permissions of their owners. This in turn fixes common file ownership problems in both Joomla and WordPress.
PHP Directives in .htaccess
Several users will have configured their site to read settings from .htaccess files, which control how PHP operates within their user directory. suPHP does not support these directives in .htaccess files, so any php_flag or php_admin_value directives in a .htaccess will need to be moved to a php.ini (which users should create in their public_html folder).
For example, if a .htaccess turned register_globals on in the following way:
php_flag register_globals on
This would need migrating to a php.ini file as:
register_globals=on
All PHP flags in .htaccess MUST be migrated to php.ini.
500 – Internal Server Error
This is the most common error after installing suPHP so we’ve provided this as a troubleshooting guide.
- Check the cPanel Error Log (cPanel >> Error Log); this will help to diagnose the issue. In most cases the problems will be related to one of the two following issues.
- Have all the PHP directives been moved from .htaccess to php.ini?
- Directories that require write permissions will no longer require 777 permissions (which are very insecure); change these to 755 instead.
- suPHP will refuse to serve any page it believes to be a security risk, for example pages with 777 permissions. These will generate an Internal Server Error.
Protecting php.ini
It is wise to take steps to protect php.ini from prying eyes by setting its permissions to 600. It is also possible to add the following to a .htaccess:
<Files *.ini>
Order deny,allow
Deny from All
</Files>
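A read-only check covering the troubleshooting list and the php.ini advice above, as an added example that is not part of the original FAQ or of any suPHP or cPanel tooling. The function names are assumptions made for illustration; the script prints php.ini equivalents for directives still left in .htaccess, lists world-writable paths, and flags any php.ini that is not mode 600.

```shell
#!/bin/sh
# Added example: audit of a site directory for the suPHP issues described above.
# Function names are illustrative; nothing here is shipped by suPHP or cPanel.

# Print php.ini lines for PHP directives still present in .htaccess files.
# Handles php_flag and php_admin_value (named on the page) plus php_value
# and php_admin_flag, which use the same "directive name value" form.
htaccess_to_ini() {
    find "$1" -type f -name .htaccess -exec awk '
        tolower($1) ~ /^php_(admin_)?(flag|value)$/ {
            name = $2; $1 = $2 = ""; sub(/^[ \t]+/, "")
            print name "=" $0
        }' {} +
}

# List files and directories writable by "others" (the 777 case).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002
}

# List php.ini files whose mode is not exactly 600.
loose_ini() {
    find "$1" -type f -name php.ini ! -perm 600
}

# Run all three checks; return 1 if anything needs attention.
audit() {
    rc=0
    pending=$(htaccess_to_ini "$1")
    if [ -n "$pending" ]; then
        printf 'Move to php.ini, then delete from .htaccess:\n%s\n' "$pending"; rc=1
    fi
    open=$(world_writable "$1")
    if [ -n "$open" ]; then
        printf 'World-writable, change to 755:\n%s\n' "$open"; rc=1
    fi
    ini=$(loose_ini "$1")
    if [ -n "$ini" ]; then
        printf 'php.ini not mode 600:\n%s\n' "$ini"; rc=1
    fi
    return "$rc"
}

# Usage: sh audit.sh /path/to/public_html
if [ "$#" -gt 0 ]; then audit "$1"; fi
```

The script changes nothing on disk; symbolic links are skipped because their mode bits do not reflect the target's permissions.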
3rd Party Applications
If problems are encountered with 3rd party applications (WordPress, Joomla etc) please contact the vendor directly to check how to make their software work under suPHP.
Any servers not already using suPHP at BetterWebSpace will be doing so soon – so be ready for when the upgrades take place.