PHP Settings

PHP is one of the most popular scripting languages for creating dynamic web pages. The majority of today's websites and web applications are based on PHP scripts. This is why site administrators should clearly understand how they can control the execution of PHP scripts.

How PHP scripts are executed for a certain website is fully defined by two aspects: PHP handler and PHP settings for the site. You can set up these parameters for a certain website in the Control Panel as described below.

Note: PHP shipped with Plesk comes with the IonCube loader pre-installed.

PHP Handler

When a visitor accesses a site based on PHP scripts, a web server interprets site scripts to generate a page that will be shown to the visitor. PHP handler calls PHP libraries needed for this interpretation. You can choose from a number of PHP handlers: ISAPI (Windows), Apache module (Linux), FastCGI, CGI, or PHP-FPM (Linux). The decision on what PHP handler to choose should depend on a number of factors like security considerations, script execution speed, and memory consumption.

To choose a PHP handler for your website:

If you have access to several subscriptions, select the required subscription in the Subscription box at the top of the screen. Or, to view sites of all your subscriptions, select All subscriptions.
Go to Websites & Domains.
Click Hosting Settings below the domain name of a website for which you want to choose the PHP handler.
Choose one of the following PHP handlers as the value of the Run PHP as parameter (beside the PHP support option):

Run PHP as	Performance	Memory Usage	Security
Apache module (Linux only)	High. Runs as a part of the Apache web server.	Low	This handler (also known as mod_php) is the least secure option as all PHP scripts are executed on behalf of the `apache` user. This means that all files created by PHP scripts of any plan subscriber have the same owner (`apache`) and the same permission set. Thus, a user might be able to affect files of another user or some critical system files. Note: You can alleviate some security issues by turning the PHP safe_mode option on. It disables a number of PHP functions that bring potential security risk. Note that this may lead to inoperability of some web apps. The safe_mode option is considered to be obsolete and is deprecated in PHP 5.3.
ISAPI extension (Windows only, not supported since PHP 5.3)	High. Runs as a part of the IIS web server.	Low	The ISAPI extension can provide site isolation in case a dedicated IIS application pool is switched on for subscriptions. Site isolation means that sites of different customers run their scripts independently. Thus, an error in one PHP script does not affect the work of other scripts. In addition, PHP scripts run on behalf of a system user associated with a hosting account. Note: The ISAPI extension handler is not supported since PHP 5.3.
CGI application	Low. Creates a new process for each request and closes it once the request is processed.	Low	The CGI handler provides PHP script execution on behalf of a system user associated with a hosting account. On Linux, this behavior is possible only when the suEXEC module of the Apache web server is on (the default option). Otherwise, all PHP scripts are executed on behalf of the `apache` user. We recommend that you use the CGI handler only as a fall-back.
FastCGI application	High (close to Apache module and ISAPI extension). Keeps the processes running to handle further incoming requests.	High	The FastCGI handler runs PHP scripts on behalf of a system user associated with a hosting account.
PHP-FPM application (Linux only)	High	Low	The PHP-FPM is an advanced version of FastCGI which offers significant benefits for highly loaded web applications. The PHP-FPM handler is available only if it was installed by the hosting provider and if the option Process PHP by nginx in the website’s settings is turned on (Websites & Domains > select a domain > Web Server Settings).

Note: Switching PHP from Apache module to FastCGI application may disrupt the operation of existing PHP scripts. Switching to PHP-FPM by selecting Process PHP by nginx in the website’s web server settings may do the same.

PHP Version

Plesk supports different versions of PHP. For each handler, one or more PHP versions can be available. To select the PHP version for a website, go to Websites & Domains > Hosting Settings and select the desired PHP version from the PHP version menu. If the desired PHP version is missing from the list, contact your hosting provider.

Note: Always use PHP 5.x except for the cases when you need PHP 4.x to host some old PHP apps.

PHP Settings

The processing of PHP scripts depends on several configuration settings. These settings specify various script execution aspects, like performance (for example, the amount of memory a script can use), security (for example, access to file system and services), and so on. You may need to adjust these settings for a number of reasons:

Preventing a memory leak or server hang-up by poorly written scripts.
Protecting data from malicious scripts.
Meeting the requirements of a certain web app.
Testing own scripts and other.

PHP settings are located in the Control Panel, Websites & Domains > select a website > PHP Settings. For convenience, all PHP settings are divided into two groups:

Performance settings.
These settings define how scripts work with system resources. For example: Use the memory_limit parameter to limit the amount of memory for a script to prevent a memory leak. In addition, you can prevent scripts from tying up the server by limiting the maximum time scripts are allowed to run using max_execution_time.
Common settings.
This group contains other commonly used PHP settings. Generally, these are: Security settings (for example, the PHP safe mode toggle or the permission to register global variables), error reporting settings (for example, the directive to log errors), and others.

You can set the value of each parameter in PHP Settings either by selecting a value from a preset, typing a custom value, or leaving the Default value. In the latter case, Plesk uses the values defined by the server-wide php.ini file. For information about certain PHP settings, refer to the respective documentation. For example, http://php.net/manual/en/ini.list.php.

It is possible to use three placeholders in parameter values:

{DOCROOT} for the document root directory of a domain that gets custom PHP configuration.
{WEBSPACEROOT} for the root directory of a subscription (webspace).
{TMP} for the directory which stores temporary files.

Note: Default values of PHP settings in Plesk differ from the ones suggested by the official PHP documentation at http://php.net/manual/en/ini.list.php.

Note: Custom PHP configuration of a website acts as a preset for all subdomains of this site. You can perform further per-subdomain PHP configuration in the same way as for the websites.