Suhosin, hosted on GitHub, is a PHP security extension. It can protect you from insecure code and possible buffer overflows.
Installing Suhosin on your VPS or dedicated server takes only a few minutes and could protect you from poorly coded WordPress plugins.
This tutorial was tested on Debian 7 (Wheezy), Debian 8 (Jessie) and Ubuntu 14.04 (Trusty) with PHP 5.6 and nginx. Earlier versions of PHP no longer receive security updates, or soon will not (e.g. PHP 5.5), so if you are not on PHP 5.6, upgrade as soon as possible.
Install Suhosin php5-fpm Security for WordPress
First install the PHP 5 development tools so that Suhosin can be compiled.
sudo apt-get update
sudo apt-get install php5-dev
If you have a custom repository for php5 then you may need one of these commands.
sudo apt-get install php5.6-dev
sudo apt-get install 'php5*-dev'
Change to the temporary folder, download the latest Suhosin release from GitHub and build it.
cd /tmp
SUHOSINLATEST=$(wget -q -O - https://github.com/stefanesser/suhosin/releases/ | grep 'tar\.gz' | awk -F'"' 'NR==1 {print $2}')
wget "https://github.com$SUHOSINLATEST" -O suhosin.tar.gz
tar -xf suhosin.tar.gz
cd suhosin*/
phpize
./configure
sudo make
sudo make install
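An added example, not part of the original tutorial: a stricter form of the scrape-and-download step above that accepts only a .tar.gz path under /stefanesser/suhosin/ and checks the tarball against a SHA-256 recorded out of band before anything is built. The function names, the sample HTML, the version 1.2.3 and the EXPECTED_SHA256 variable are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate the scraped release path and pin the tarball
# to a known SHA-256 before phpize/make. Names here are illustrative.

# Read releases-page HTML on stdin. Print the first href that is a .tar.gz
# under the expected repository; return non-zero if none qualifies.
extract_release_path() {
    grep -o 'href="[^"]*\.tar\.gz"' \
        | sed -e 's/^href="//' -e 's/"$//' \
        | grep -E '^/stefanesser/suhosin/[A-Za-z0-9._/-]+\.tar\.gz$' \
        | grep -v -F '..' \
        | head -n 1 \
        | grep .
}

# Succeed only if FILE hashes to EXPECTED (a SHA-256 recorded out of band).
verify_sha256() {
    vs_file=$1
    vs_expected=$2
    if command -v sha256sum >/dev/null 2>&1; then
        vs_actual=$(sha256sum "$vs_file" | awk '{print $1}')
    else
        vs_actual=$(shasum -a 256 "$vs_file" | awk '{print $1}')
    fi
    [ -n "$vs_actual" ] && [ "$vs_actual" = "$vs_expected" ]
}

# Constructed sample of a releases page (not real GitHub markup).
SAMPLE_HTML='<a href="/stefanesser/suhosin/releases/tag/1.2.3">1.2.3</a>
<a href="https://example.invalid/mirror/suhosin.tar.gz">mirror</a>
<a href="/stefanesser/suhosin/archive/1.2.3.tar.gz">Source code</a>'

# Offline demo: only the repository-relative archive link is accepted.
printf '%s\n' "$SAMPLE_HTML" | extract_release_path

# On the server the same functions slot into the tutorial's commands:
#   path=$(wget -q -O - https://github.com/stefanesser/suhosin/releases/ \
#          | extract_release_path) || exit 1
#   wget "https://github.com$path" -O suhosin.tar.gz
#   verify_sha256 suhosin.tar.gz "$EXPECTED_SHA256" || exit 1
```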
Create the Suhosin ini file
echo "extension=suhosin.so" | sudo tee -a /etc/php5/mods-available/suhosin.ini
If using php5-fpm, symlink suhosin.ini into the modular conf.d folders for FPM and the CLI
sudo ln -s /etc/php5/mods-available/suhosin.ini /etc/php5/fpm/conf.d/30-suhosin.ini
sudo ln -s /etc/php5/mods-available/suhosin.ini /etc/php5/cli/conf.d/30-suhosin.ini
Now you can restart php5-fpm
sudo service php5-fpm restart
You will now be able to see the Suhosin extension listed in a phpinfo() file
Miscellaneous Suhosin Fixes
If you use WP-CLI you will find that Suhosin prevents you from executing any commands unless you make an exception for phar
echo 'suhosin.executor.include.whitelist="phar"' | sudo tee -a /etc/php5/cli/php.ini
If you have a large WordPress menu with many items then you need to raise Suhosin's input variable limits (its counterparts to max_input_vars), or the menu will not save your new items properly
echo "suhosin.post.max_vars = 3000" | sudo tee -a /etc/php5/fpm/php.ini
echo "suhosin.request.max_vars = 3000" | sudo tee -a /etc/php5/fpm/php.ini
Those are just some of the Suhosin PHP fixes I have encountered. If you have any other issues then Google will likely show you how to resolve them.