Security: suhosin / mod_spamhaus / mod_security / mod_evasive

How many of you are running Suhosin? That’s http://www.hardened-php.net/suhosin/ if the answer is no.

Do you have an alternative mod that you prefer? Or do you run security checks on *everything* before letting it go live?

What about mod-spamhaus? mod_security? mod_evasive? These were at one point the trifecta for getting our clients’ sites locked down quickly.

We don’t install these 3 when we put sites behind Varnish, but we use Suhosin whenever we install WP and particularly WPMU.