WordPress Security Issues

In order for everyone to be helpful to WP users, the forums here are for participation and not just letting people know things. Why not search the forums and docs to see what people are already doing with Suhosin (and security in general) and add something to the threads?

@songdogtech

I searched and read every post and tried everything suggested and everything else I could think of and after 3 weeks of frustration the only way I cold get WordPress to work on my server was to re-configure php without Suhosin.

Maybe other people found a different solution, but I certainly could not.

Sorry if my post was inappropriate, but I figured maybe if I had to disable Suhosin it’s very possible that there may be other people for which that is the only solution also.

@songdogtech

It may also be worth saying that I couldn’t get WordPress to install or get any kind of error whatsoever from any of the other files I went to… every file I tried going to with my browser just said “Internet Explorer cannot display this webpage”. It was as if the files weren’t even being recognized as existing on the server. I’m using IE7 if that makes a difference.

I didn’t mean to offend you songdogtech

Anyway, I solved my problem by disabling Suhosin because that’s the only way I could find that worked for me.

You didn’t offend me (or hopefully anyone else)! It’s just from my experience and many others here that it’s helpful to be helpful. Go ahead and say that you’ve searched the forums, and also post the problems you had trying to get Suhosin to work with WordPress. Maybe someone else has figured it out on their own but has never posted about it.

Looking around, several people say they have had an issue where suhosin was using the user agent to encrypt the session. If you have compatibility mode on in IE8, the user agent for the page is IE7 but for the request is IE8. The solution is to turn off suhosin.session.cryptua. Might be worth a try. I don’t use Suhosin.