Wordpress and suPHP
 

On two of my hosts (VPS, Liquidweb and Servint) I can't get wordpress media upload working (as well as wordpress/plugins auto update):

Host's recommended method for solving this issue is to enable suPHP. And yes, it's working when I run suPHP. However, suPHP requires more server resources. Is this the only solution? Well, I don't consider chmod 777 or turning off PHP safe mode as a solution. Thanks!

php safe mode is deprecated since 5.3
http://php.net/manual/en/features.safe-mode.php

you should upgrade your php first if you are concerned about security

I would advice suphp, especially with wordpress which get hacked a lot
Your normal sites can still run mod_php

Thanks, actually I run only wordpress on those accounts.

Change the owner of wp-content to apache or whatever is required to allow you to upload images. Note: this may not let you modify or delete any of those files through FTP later.

If that doesn't work because of safe mode, you're stuck with using FTP to do all your uploads manually.

imho

create a new user who has apache and ftp permissions then

chown the new user

is what you need., i had the same issue., you most likely cant update wordpress too.

You are correct suPHP is the WRONG answer. suPHP is the same as chmodding ALL of your files 777 - it let's all scripts write anywhere they want. Stupid. Very stupid.

Along with chmodding that directory (and only the required directory) 777, use a <Directory> entry outside of that directory to lock it down - "deny from all" if possible, at least turn off PHP for that directory.

If you want to get fancy, you can bind mount the directory noexec.

Thanks guys for your advices.

they probably have nobody/nobody as the apache user