Suhosin PHP Security Extension
It offers great coding flexibility and is compatible with various modules that can extend its capabilities significantly.
However, as powerful as PHP might be, poor coding can make your server vulnerable to security threats. To address this negative scenario, PHP extensions like the Suhosin PHP Security Extension have stepped in.
PHP Security Threats
Over the years, PHP has grown to be the most preferred web programming language thanks to its short learning curve and the great deal of options for building dynamic web projects.
According to a recent W3Techs survey, PHP is used by 83.1% of all server-side programming language-based websites.
Just like other programming languages, however, PHP is not immune to poor coding practices and all web servers can potentially become vulnerable to attackers.
You may have crafted the most perfect piece of code, but if you allow non-verified code from other developers to run on your server, you will open the door to vulnerabilities.
If you are hosting third-party PHP applications, for example, you cannot trust the quality of that code either.
This is where the Suhosin PHP Security Extension kicks in.
What is The Suhosin PHP Security Extension?
Suhosin (pronounced ‘su-ho-shin’, which means ‘guardian angel’ in Korean) is an advanced protection system for PHP installations developed by the German company Sektion Eins.
It was designed to protect servers and users from all manner of flaws in PHP applications and in the PHP core itself.
Suhosin PHP Security Extension works on two levels. First, it protects the PHP core against buffer overflows and format string vulnerabilities. And second, it acts as a powerful PHP extension that tackles operability issues.
The two functions can be used separately or in combination.
Why use Suhosin PHP Security Extension?
If you are using PHP on your personal server where you run your own vulnerability-free scripts and applications, then you most probably don’t need the Suhosin PHP Security Extension.
However, one should keep in mind that PHP is a very complex language with lots of easy-to-overlook pitfalls.
Therefore, it is always a good idea to have Suhosin running in the background as an additional safety measure.
According to its developers, the Suhosin PHP Security Extension will effectively protect your server against malicious attacks resulting from backdoors left in your code.
Suhosin PHP Security Extension will also ensure that no one else on the web will be affected if your server falls prey to spam or DDoS attacks, for instance.
How to make use of Suhosin PHP Security Extension on our hosting?
To help you maintain a secure environment for your PHP-based projects, we’ve installed the Suhosin PHP Security Extension on our servers.
You can enable the extension with a click from the PHP Settings (Advanced>PHP Settings) section of your Control Panel:
Please keep in mind that Suhosin supports all PHP versions from 5.4 forward: