PHP is a major programming language that powers millions of projects on the web. It offers great coding flexibility and is compatible with various modules that can extend its capabilities significantly. However, as mighty as PHP might be, poor coding can make your server vulnerable to security threats. To address this negative scenario, PHP extensions like Suhosin have stepped in.

Security vulnerabilities in PHP

According to a recent W3Techs survey, PHP is used by 83.1% of all server-side programming language-based websites.  Now PHP has grown to be the most preferred web programming language thanks to its short learning curve and a lot of options for building dynamic web projects.

Just like other programming languages, however, PHP is not immune to poor coding practices and web servers can easily become vulnerable to attackers. You may have crafted the most perfect piece of code, but if you allow non-verified code from other developers to run on your server, you will open the door to vulnerabilities. If you are hosting third-party PHP applications with plugins, you cannot always trust the quality of the code either. This is where the Suhosin solution kicks in.

What is Suhosin about?

(pronounced ‘su-ho-shin’, which means ‘guardian angel’ in Korean) is an advanced protection system for PHP installations developed by the German company Sektion Eins.

It was designed to protect servers and users from all manner of flaws in PHP applications and in the PHP core itself.

Suhosin works on two levels. First, it protects the PHP core against buffer overflows and format string vulnerabilities. And second, it acts as a powerful PHP extension that tackles operability issues. The two functions can be used separately or in combination.

Why use Suhosin?

If you are using PHP on your personal server where you run your own vulnerability-free scripts and applications, then you most probably don’t need the Suhosin extension. However, one should keep in mind that PHP is a very complex language with lots of easy-to-overlook pitfalls. Therefore, it is always a good idea to have Suhosin running in the background as an additional safety measure. According to its developers, the Suhosin extension will effectively protect your server against malicious attacks resulting from vulnerabilities left in your code. Suhosin will also ensure that no one else on the web will be affected if your server falls prey to spam or DDoS attacks, for instance.

How to make use of Suhosin on our platform?

To help you maintain a secure environment for your PHP-based projects, we’ve installed the Suhosin extension on our servers.

You can enable the extension with a click from the PHP Settings (Advanced>PHP Settings) section of your Control Panel:


 PHP is used by 83.1% of all server-side programming language-based websites.