Well I have managed to plug the security hole, and I am currently working on refining the deployment by using the ability to disable functions in php …

The downside?

Some 5244 approx functions over 23 a4 pages …

update 04/12/2008:

For the impatient you can grab a php script I have written to build the complete comma separated list from subversion here: https://svn.blog.oneiroi.co.uk/branches/zen_of_secured_shared_hosting/trunk/disable_functions_string.php

Please note this is a ‘paranoid’ list (some 354 functions!), you will need to for instance remove phpversion, ini_get and http_build_query from the list to get wordpress working.

Customize to your needs :-)