PHP's .ini mini guide
Tightening PHP revolves largely around its configuration file, php.ini.
Locating your configuration options
Even with some shared hosts there's quite a lot you can do to tighten up your PHP installation. In cPanel, for example, you can investigate your options by choosing the main menu's php.ini QuickConfig icon and selecting Enable QuickConfig.
Note
WordPress 3.2 drops support for PHP versions below 5.2, so nag your web host.
For unmanaged types, open your php.ini file with a terminal. The path may vary, but can be located with sudo find / -name php.ini -print or, if there's more than one file, add a temporary page with <?php phpinfo();?> inside, browse there, and look for this:
That done, delete the file before someone else looks too. And open the .ini:
sudo nano /etc/php5/apache2/php.iniMaking .ini a meany
Here are the key security variables. Some defaults are the same as the recommended setting but check, they may have been changed. Variable's proceeded by ;semi-colons...
