PHP is a mainstream programming language that underlies millions of projects on the web.
It offers great coding flexibility and is compatible with various modules that can extend its capabilities significantly.
However, as mighty as PHP might be, poor coding can make your server vulnerable to security threats. To address this negative scenario, PHP extensions like Suhosin have stepped in.
PHP security threats
Over the years, PHP has grown to be the most preferred web programming language thanks to its short learning curve and the great deal of options for building dynamic web projects.
According to a recent W3Techs survey, PHP is used by 83.1% of all server-side programming language-based websites.
Just like other programming languages, however, PHP is not immune to poor coding practices and web servers can easily become vulnerable to attackers.
You may have crafted the most perfect piece of code, but if you allow non-verified code from other developers to run on your server, you will open the door to vulnerabilities.
If you are hosting third-party PHP applications, for example, you cannot trust the quality of that code either.
This is where the Suhosin solution kicks in.
What is Suhosin about?
Suhosin (pronounced ‘su-ho-shin’, which means ‘guardian angel’ in Korean) is an advanced protection system for PHP installations developed by the German company Sektion Eins.
It was designed to protect servers and users from all manner of flaws in PHP applications and in the PHP core itself.
Suhosin works on two levels. First, it protects the PHP core against buffer overflows and format string vulnerabilities. And second, it acts as a powerful PHP extension that tackles operability issues.
The two functions can be used separately or in combination.
Why use Suhosin?
If you are using PHP on your personal server where you run your own vulnerability-free scripts and applications, then you most probably don’t need the Suhosin extension.
However, one should keep in mind that PHP is a very complex language with lots of easy-to-overlook pitfalls.
Therefore, it is always a good idea to have Suhosin running in the background as an additional safety measure.
According to its developers, the Suhosin extension will effectively protect your server against malicious attacks resulting from backdoors left in your code.
Suhosin will also ensure that no one else on the web will be affected if your server falls prey to spam or DDoS attacks, for instance.
How to make use of Suhosin on our platform?
To help you maintain a secure environment for your PHP-based projects, we’ve installed the Suhosin extension on our servers.
You can enable the extension with a click from the PHP Settings (Advanced>PHP Settings) section of your Control Panel:
Please keep in mind that Suhosin supports all PHP versions from 5.4 onwards: