The webserver that hosts this blog now uses suPHP! Php scripts by default run as the same user as Apache, which can be a security nightmare when php needs to be able to write to a file or directory because then any Apache process has write access as well. suPHP runs scripts as a user (defined in a virtualhost block) to eliminate this issue.
And there’s a bonus! The wordpress admin interface has the capability to do things like manage plugin upgrades and edit theme files, but only if php can write to the appropriate files and directories. I hadn’t been using those features because of the security concerns. Now, however, with wordpress running as my user, I can use those features without having scary permissions on my files!
It’s easy to set up following the docs on the suPHP site. The only hurdle I encountered was that the php binary used by suPHP needs to be the cgi binary, not the cli binary. That little tidbit of information only graces the suPHP docs in the FAQ, so it was easy to miss. I also spent a fair amount of time trying to figure out how to get the php compiler to make the cgi binary, but it turns out that all I had to do was lose the –with-apxs2 configure option.