...
The security posture is from an administrative perspective and not for self-serve and shared hosting.
| Panel |
|---|
Determine if this actually increases security - http://www.suphp.org/Home.html. suPHP and LiteSpeed make the most sense for shared hosting. This article indicates that suphp is slow as it makes php run as a cgi. Instead it recommends restrictions using mod_php - http://serverfault.com/questions/279938/should-i-use-suphp-or-mod-php-for-shared-hosting. Along this thread another poster recommends, http://mpm-itk.sesse.net/ which allows vhosts to be run under different uid and gid. This restricts the php process to specific directories - http://help.godaddy.com/article/1616 A great discussion on using permissions, same conclusion I was coming to using www-data group - http://unix.stackexchange.com/questions/30879/what-user-should-apache-and-php-be-running-as-what-permissions-should-var-www |
...
Nothing I can see. It just looks like php5 is an overarching package name.
References
Setup
Ubuntu Server Documentation - https://help.ubuntu.com/12.04/serverguide/php5.html
Security
Has some ok details around suPHP - https://help.ubuntu.com/community/ApacheMySQLPHP#Installing_MYSQL_with_PHP_5
Some good notes on securing PHP from Symantec - http://www.symantec.com/connect/articles/securing-php-step-step
Start some good security practices for WordPress - http://www.howtospoter.com/web-20/wordpress/triple-p-of-total-wordpress-security