Install Suhosin php5-fpm Security for WordPress

Suhosin, hosted on GitHub, is a PHP security extension. Suhosin can protect you from insecure code and possible buffer overflows.

Installing Suhosin on your VPS or dedicated server only takes a few minutes and could protect you from poorly coded WordPress plugins.

This tutorial was tested on Debian 7 (Wheezy), 8 (Jessie) and Ubuntu 14.04 (Trusty) with PHP 5.6 and nginx. Previous versions of PHP no longer receive security updates or will stop receiving them soon (e.g. PHP 5.5), so if you are not on PHP 5.6 then upgrade as soon as possible.

First install the PHP 5 development tools so that Suhosin can be compiled.

sudo apt-get update
sudo apt-get install php5-dev

If you have a custom repository for php5 then you may need one of these commands.

sudo apt-get install php5.6-dev
sudo apt-get install php5*-dev

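Enter the temporary folder, download the latest Suhosin release from GitHub and build it. The second command scrapes the releases page for the first tar.gz link, so check what ends up in SUHOSINLATEST before you build it.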

cd /tmp
# Take the first quoted link containing tar.gz from the releases page
SUHOSINLATEST=$(wget -q -O - https://github.com/stefanesser/suhosin/releases/ | grep tar.gz | awk -F'"' 'NR==1 {print $2}')
wget "https://github.com$SUHOSINLATEST" -O suhosin.tar.gz
tar -xf suhosin.tar.gz
cd suhosin*
phpize
./configure
# Build as your normal user; only the install step needs root
make
sudo make install

Create the Suhosin ini file:

echo "extension=suhosin.so" | sudo tee -a /etc/php5/mods-available/suhosin.ini

If using php5-fpm, symlink suhosin.ini into the modular conf.d folders for FPM and the CLI:

sudo ln -s /etc/php5/mods-available/suhosin.ini /etc/php5/fpm/conf.d/30-suhosin.ini
sudo ln -s /etc/php5/mods-available/suhosin.ini /etc/php5/cli/conf.d/30-suhosin.ini

Now you can restart php5-fpm:

sudo service php5-fpm restart

You will be able to see the Suhosin extension listed in a PHP info (phpinfo) file.

Miscellaneous Suhosin Fixes

If you use WP-CLI, you will find that Suhosin prevents you from executing any commands unless you make an exception for phar. The redirect needs root to write to php.ini, so pipe through sudo tee:

echo 'suhosin.executor.include.whitelist="phar"' | sudo tee -a /etc/php5/cli/php.ini

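If you have a large WordPress menu with many items then you need to increase max_input_vars, or the menu will not save your new items properly. Suhosin enforces its own variable limits, which are the ones raised here. Menus are saved through the web server, so both limits go into the FPM php.ini; restart php5-fpm afterwards.

echo "suhosin.post.max_vars = 3000" | sudo tee -a /etc/php5/fpm/php.ini
echo "suhosin.request.max_vars = 3000" | sudo tee -a /etc/php5/fpm/php.ini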

Those are just some of the Suhosin PHP fixes I have encountered. If you have any other issues, Google will likely show you how to resolve them.
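
The fixes above append lines to php.ini, so running them a second time leaves duplicate directives behind. As an added example (not part of the original tutorial), the shell helpers below set a directive exactly once and read back the value PHP will use; the function names get_ini_directive and set_ini_directive are hypothetical.

```shell
# Added example: set_ini_directive and get_ini_directive are hypothetical
# helper names, not part of Suhosin or PHP.

# Print the effective value of KEY in FILE. When a directive is assigned
# more than once PHP uses the last assignment, so this does the same.
get_ini_directive() {
    file=$1 key=$2
    awk -v key="$key" '
        /^[ \t]*;/ { next }                 # ignore commented-out lines
        {
            pos = index($0, "=")
            if (pos == 0) next
            name = substr($0, 1, pos - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            if (name != key) next
            val = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val)          # strip surrounding quotes
            found = 1
        }
        END { if (!found) exit 1; print val }
    ' "$file"
}

# Set KEY = VALUE in FILE exactly once: drop every active assignment of
# KEY, then append the new one. Re-running it does not add duplicates.
set_ini_directive() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v key="$key" '
        {
            pos = index($0, "=")
            name = (pos ? substr($0, 1, pos - 1) : "")
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            if (pos && name == key) next
            print
        }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file"                    # keeps the file's owner and mode
    rm -f "$tmp"
}

# Usage, as root, with a path and value from this tutorial:
#   set_ini_directive /etc/php5/fpm/php.ini suhosin.post.max_vars 3000
```

Commented-out assignments (lines starting with `;`) are left in place and never counted as the effective value.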