Yes, you CAN use HTTP Authentication without having PHP compiled as an Apache module! You do need to be running Apache and have access to .htaccess. If you do, then see HTTP Authentication Using PHP CGI and Apache for the details.

This is to remind everyone that there is a very comprehensive (and unbiased) comparison of the main security tools for Nuke at Free Software Reviews.

takaharu writes:  

Hi, we opened a new site dedicated to selfdefense, police defense, special gear and all online and offline security. The site is protected by SENTINAL off course and based on RAVEN's distro. We still welcome moderators and contributors. Total Security

sixonetonoffun writes:  

If you are running PHPNuke and have the img tag in your allowed html array in config.php you need this hack! This hack replaces the code in the check_html function with KSES which works much better for filtering attributes such as style= out of allowed tags. If something is not in the allowed attribute array it gets stripped out period. So if you are using a WYSIWYG editor for you Submit News ect... you need to know that by allowing img in the phpnuke allowed array you are also allowing other attributes that can be easily exploited.You can get it HERE Any comments or concerns can be posted to my forum.

It appears that the Journal module is plagued with exploits. I will not publish them but I recommend that you NOT use this module until it is either rewritten or patched.

See this post also.

PHP-Nuke Patched 2.5 includes a more effective file access protection and all other fixes found in Sec-Fix Patch 7.3 plus additional variable validation to better protect against XSS and SQL injection attacks. The list of changes will be published at NukeFixes over the next few days, some are already available. My apologies to those using PHP-Nuke 6.0 but its patch only underwent minor changes and does not include all the new fixes, 8 versions are a bit too much to edit, eventually this patch will only be updated for 7.x versions.

Download Locations:
Nuke 60 - Nuke 6.5 - Nuke 6.6-6.8 - Nuke 6.9 - Nuke 7.0 - Nuke 7.1 - Nuke 7.2 and Nuke 7.3

Note: 

The patches for 6.5 and up include a config.php file, make sure you edit it using yours as a template before uploading it.