What is suPHP ?
suPHP is a tool for executing PHP scripts with the permissions of their owners or a program that controls who can access certain files. All scripts executed on the server need to be authorized to run on the server. This enhances security by not running scripts as the web server user (nobody) or as root. So even if there is a vulnerable php script installed, it can at most execute with the permissions of the non-privileged user you choose for it to use.
PHP scripts are interpreted by suPHP and suPHP then calls the php interpreter as the specified user and interprets the scripts as that user.
1) Log into the WHM.
2) Go to Main » Software » EasyApache (Apache Update).
3) Leave Previously Saved Config checked and select Start Customizing Based on Profile.
4) For security reason we recommend selecting the latest versions of Apache and PHP on the next three steps unless you have good reason to stick with an older version.
5) will have a screen with quite a few options on it, the one we are concerned about is the second option SuPHP. Tick the checkbox here, scroll down
6) click Save and Build.
Why use suPHP?
suPHP is of great importance to ensure a safe environment for running applications and to make PHP-based applications such as Drupal more user-friendly. To be specific, users install or upload any template via Drupal without suPHP, their template files can be edited or deleted by any user at random. But for scripts equipped with a suPHP server, their template files are owned by the account holder and admin user.
Moreover, as most of the third party applications ask for some certain folders to have the permissions of 777, hackers with the 777 permission are able to upload malicious files into user’s account which probably affects the security of the files. As to suPHP users, there is no need to have the 777 permissions and an automated error message will appear when somebody tries to approach the file through 777 permissions.