WordPress.org

Ready to get started?Download WordPress

Forums

SuPHP vs ??? for security (2 posts)

  1. Brayne
    Member
    Posted 9 months ago #

    I've read that wordpress suggests using SuPHP for security. I'm looking to "tighten the screws" so-to-speak and I'm concerned that SuPHP states "This mod is no longer maintained." Is there a worthy substitute or is SuPHP the de-facto standard? Any advice would be greatly appreciated.

    Edit - Sorry, perhaps this post should be in "beyond the codex?"

  2. Dragons Eye
    Member
    Posted 9 months ago #

    If you are looking for how to do it in the .htaccess file,

    This one works:

    <IfModule mod_suphp.c>
    # Change path to where YOUR site's "php.ini" file is located.
    suPHP_ConfigPath /root/user/www
    # Be sure to protect your "php.ini"
    <Files php.ini>
    order allow,deny
    deny from all
    </Files>
    </IfModule>

    Whoever said the suPHP is discontinued, needs to realize that most of the major web-hosting providers run such secure services like Fast-CGI, etc. from Apache. BTW: If you set up your .htacess this way, you MUST have a "php.ini" for your site as pointed to by the ConfigPath variable. YOU are responsible for the proper settings of the various PHP-environment variables to include the "include" file locations, whichever additional Apache modules you wish to preload and use, etc.

    But YES, this is how you secure the execution of your PHP scripts, for your whole site if you wish.

    - Dragon's Eye

Reply

You must log in to post.

About this Topic