Suexec and permissions on fresh install

So I'm working out the kinks on a fresh LSE install. I have a single domain running a wordpress site on a vps with a clean ubuntu 22/plesk setup. Like many other people, I have some confusion over the optimal permission/ php setup. Wordpress started giving me permission errors when doing any file write tasks(updating/deleting plugin etc) after the install because I originally had php Suexec disabled so the ls php handler was running as www-data which had no effective write privileges in the wordpress directories which are 755/files 644. The errors went away as soon as I enabled suexec in the LS web manager.

However, because I have one user under a single domain running a fairly simple WP site that's behind a cloudflare proxy, is running php suexec the best way to go? Or is there a different way to give php the effective write permissions to the wordpress directories? Is there a performance hit doing it this way?