SuPHP vs ??? for security (2 posts)

  1. Brayne
    Posted 2 years ago #

    I've read that wordpress suggests using SuPHP for security. I'm looking to "tighten the screws" so-to-speak and I'm concerned that SuPHP states "This mod is no longer maintained." Is there a worthy substitute or is SuPHP the de-facto standard? Any advice would be greatly appreciated.

    Edit - Sorry, perhaps this post should be in "beyond the codex?"

  2. Rev. Dragon's Eye
    Posted 2 years ago #

    If you are looking for how to do it in the .htaccess file,

    This one works:

    <IfModule mod_suphp.c>
    # Change path to where YOUR site's "php.ini" file is located.
    suPHP_ConfigPath /root/user/www
    # Be sure to protect your "php.ini"
    <Files php.ini>
    order allow,deny
    deny from all

    Whoever said the suPHP is discontinued, needs to realize that most of the major web-hosting providers run such secure services like Fast-CGI, etc. from Apache. BTW: If you set up your .htacess this way, you MUST have a "php.ini" for your site as pointed to by the ConfigPath variable. YOU are responsible for the proper settings of the various PHP-environment variables to include the "include" file locations, whichever additional Apache modules you wish to preload and use, etc.

    But YES, this is how you secure the execution of your PHP scripts, for your whole site if you wish.

    - Dragon's Eye

Topic Closed

This topic has been closed to new replies.

About this Topic