suPHP – Recommended By WordPress For Better Security

I’m taking a wild guess here, if you are a Blogger and if you are reading this, then probably you are indeed using a WordPress blog, or maybe you want to use a WordPress(.org) blog. Right? It’s okay. The point is, it’s easy to install a WordPress CMS, but when you want to secure your WordPress blog, things get a little bit tricky. We’ll talk about suPHP and why we need them.

What Is suPHP?

suPHP - Recommended By WordPress For Better Security

suPHP (Secuure PHP) is a tool used for executing PHP scripts and it is controlled by the owners. It has an Apache module (mod_suphp) and a setuid root binary (suphp). With suPHP, the file permission handling will be more secure than it is normal.


20+ Essential Tips To Protect Your WordPress Blog

Why Do We Need suPHP?

First, if you are a WordPress user and if they recommend suPHP, then that’s a reason. Second, your hosting will use your account’s username instead of their server’s default shared username, which is more secure. This allows PHP processes to run under the owner of the file. By default PHP runs on the web server as user “nobody”, and you can override this.

Hosting is more secure when PHP applications, like WordPress, are run using your account’s username instead of the server’s default shared username. The most common way nowadays for hosting companies to do this is using suPHP. Just ask your potential host if they run suPHP or something similar. (via WordPress Requirements)

Apart from security stuff, this makes PHP applications like popular CMSs more user-friendly. This is all about file permissions and right ownership. It’ll prevent vulnerabilities and make your WordPress blog more secure. Most of the web hosting companies avoid suPHP for shared hosting since it’ll be an issue for other websites hosted on the same server. If you are a hardcore programmer or coder, you can manually do the suPHP thing on your server, if not, you can always ask your web hosting support to install suPHP on your server (if it is not already present) for you, I’m sure they’ll be happy to keep their servers (and your blogs) more secure.

You can either get a server which will support this or you can get an account on web hosting platforms like Inmotion Hosting where it’s already been configured.

If you are still confused about this, do let us know your queries in the comments below and we’ll be happy to help you out regarding this.

Leave a Comment