What are PHP Handlers and Why Do They Matter?

Published on: January 28, 2016

PHP handlers are necessary for everyday function of your server and determine how a PHP process is loaded on your server. To run PHP files or scripts on your site, a PHP handler is needed to decipher the code within a PHP file based on the PHP version to display the content over the web.


What kind’s of PHP Handler’s do we offer and support?

  • DSO
  • SuPHP
  • CGI
  • FCGI

Why would I change my PHP handler?

The reason to switch PHP handler’s would depend on what you are trying to use your server for, such as if you are looking for performance, need caching for your site(s), needing a specific module enabled, and the list can go on. We will explain the differences between each handler and what it is best used for.

SuPHP

SuPHP is used on all of our Shared and Re-Seller server environments, as it is cPanel’s preferred PHP handler, and is noted as the most secure PHP handler. SuPHP works by running PHP as a CGI module on the server which separates each PHP processes under the user in which is running them.

Pros:

  • Default cPanel PHP Handler
  • PHP processes run under the user in which it is owned to
  • Uses SuExec to run the “forked” secure PHP processes
  • Upload tool’s on your site will provide the proper ownership and permissions to files and updates
  • PHP scripts are unable to be executed unless owned to the proper user

Cons:

  • Higher CPU usage
  • Creates a new PHP process whenever PHP is needed to run
  • World writeable files will be unable to be executed. (Files with permissions 777)
  • No PHP Caching utility can be used (OPCache, APC, XCache, etc.)

DSO

This is another default handler, and is commonly considered the fastest PHP handler available. DSO runs PHP as an Apache Module, meaning PHP scripts will run as Apache’s default user “nobody” instead of the cPanel user.

Pros:

  • Considered the fastest PHP Handler.
  • Low CPU and Memory usage.
  • Option to use caching extensions
  • You can enable Mod_Ruid2, which will give DSO the strength in security similar to SuPHP. It creates the permissions for PHP to run as the cPanel user instead of “Nobody”.

Cons:

  • Best used if you are only running one or a very small amount of accounts on the server
  • If using Mod_Ruid2, you can not use Apache Mod_userdir for temporary links to view sites (Ex: http://ServerIP/~User)
  • Easily exploitable if compromised due to permissions owned to “Nobody”
  • Auto-updates and Uploading tools from WordPress or other CMS’s will fail due to permissions
  • Used mainly with Apache and NginxCP as the main webserver
  • If an account starts to abuse resources, we are unable to determine which user is causing this (Unless running Mod_ruid2 apache module)

CGI

CGI runs PHP as a CGI module instead of an Apache module. This PHP is not commonly used as it is considered the slowest PHP handler.

Pros:

  • The processes still run as the user “Nobody”
  • If using with SuEXEC, you can see what user has made a PHP request

Cons:

  • Insecure
  • High CPU usage
  • Usually not recommended

FCGI

Commonly known as Fast CGI, and is a higher performance version of the CGI PHP handler and is comparable to DSO.

Pros:

  • Low CPU consumption
  • Run’s PHP processes as the cPanel user
  • Ability to use Caching extensions
  • Very similar to the DSO handler
  • Able to work with Nginx and non-Apache webservers

Cons:

  • High memory consumption
  • PHP is running as a constant open process, rather than opening when a PHP request comes to the server

How would I change PHP Handlers?

  • To change your PHP handler would depend on which handler you want, as most are available in WHM, but some server’s will need to be recompiled have certain modules available to PHP to make the change from within WHM.
  • If you are unsure of how to do this, feel free to open a ticket with our Support team to evaluate what handler would be best for your server and have this upgraded!

This article was written by Support Technician II Vanessa S.



Back To Top