What's the difference between PHP Handlers CGI, suPHP, mod_php (DSO) and FastCGI?


On a cPanel VPS or Dedicated Server you have the option of choosing from up to 4 different PHP Handlers. Choosing the right one is important because, depending on how you use your server, different handlers will give you different performance and security benefits.
Note: If you're on a managed server and want to use a PHP handler that's not in the WHM options, feel free to submit a support ticket and we'll be happy to install it for you.


suPHP


suPHP works by running individual PHP files under the user (cPanel user in this case) that executes the script, rather than the default "nobody" Apache user.


  • Main Benefits: Very secure. If one PHP script is exploited, that exploit cannot affect any other cPanel accounts/websites on the server. suPHP uses suEXEC to set permissions, and is also highly compatible with CMSs like WordPress and Joomla.
  • Main Disadvantages: Slow, especially for complex websites. Requires more CPU resources than the other handlers. It also does not allow you to change PHP variables using .htaccess code; instead, all changes need to be made in the relevant php.ini file or using EasyApache4 and MultiPHP.
  • Best Used: Servers that have many cPanel accounts and where security is a top priority.


DSO (mod_php)


DSO is the fastest way to run PHP files on a server. It executes all PHP scripts under the Apache user "nobody". This allows scripts to be executed quickly, but makes it hard to set secure permissions.


  • Main Benefits: Fast. Has very little overhead, especially if the module OPcache is also used. Allows PHP variables to be set using .htaccess code.
  • Main Disadvantages: Insecure. As all PHP files are run under the "nobody" user, it's possible for a PHP file exploit on one website to affect an unrelated part of the server. Servers using DSO should make sure that their websites and CMSs are secured tightly. Also, permissions will need to be set for every PHP file manually, as by default they are owned by the "nobody" user, which can cause websites to crash until the issue is resolved.
  • Best Used: When a more powerful server can't be used, the server is backed up offsite regularly and security of the server is not a priority.
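
The ownership problem described for DSO can be checked per account. The following Python script is an added example, not part of the original article or of cPanel: it walks a document root and reports files that are not owned by the account user (for instance, files created by PHP running as "nobody") and files that any local user can write to. The function names audit_tree and build_sample and the sample files are constructed for illustration.

```python
import os
import pwd
import stat
import sys
import tempfile


def audit_tree(root, expected_uid):
    """Return sorted (relative_path, issue) pairs for regular files under root.

    "foreign-owner": the file is not owned by expected_uid, e.g. it was
    created by PHP running as the shared web-server user under DSO.
    "world-writable": any local user, including a shared web-server user,
    can modify the file.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and device nodes
            rel = os.path.relpath(path, root)
            if st.st_uid != expected_uid:
                findings.append((rel, "foreign-owner"))
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
    return sorted(findings)


def build_sample(root):
    """Constructed sample docroot: one normal file, one world-writable file."""
    os.makedirs(os.path.join(root, "uploads"))
    for rel, mode in (("index.php", 0o644), ("uploads/cache.php", 0o666)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(path, mode)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: audit.py /home/USER/public_html USER
        results = audit_tree(sys.argv[1], pwd.getpwnam(sys.argv[2]).pw_uid)
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp)
            results = audit_tree(tmp, os.getuid())
    for rel, issue in results:
        print(f"{issue}\t{rel}")
```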


FastCGI (FCGI)


FastCGI combines the best of DSO and suPHP. It allows PHP files to be run by the user (through the use of suEXEC). This keeps the server secure, while also not requiring a separate PHP process for each script, meaning that the processes run relatively fast.

  • Main Benefits: Both fast and secure. While DSO is faster and suPHP is more secure, FCGI is a great middle ground that provides the best of both worlds.
  • Main Disadvantages: Uses more system memory than the other PHP handlers, as a PHP process is kept running at all times. Custom-coded PHP scripts may be more likely to produce errors on FCGI, so it is worth having an active developer available.
  • Best Used: When both speed and security are important. However, as suPHP is more secure, it's still important to keep website security up to date.


CGI


CGI is a legacy PHP handler that's not commonly used anymore. It's similar to suPHP in that it allows PHP scripts to be run as an individual user; however, it's older and less efficient.

  • Main Benefits: It's highly configurable and supports setting PHP permissions to the user (through suEXEC).
  • Main Disadvantages: Slowest of all the PHP handlers.
  • Best Used: CGI isn't used much anymore. Its only common use is in environments where other handlers aren't available.

