Okay, so I now have WordPress working with suphp, which allows for the use of Unix user accounts in php scripts. Steps:

• I made a dedicated jlmphp account, so php won’t have access to my main account.
• The hosting server (ofb.net) runs Debian, so I installed suphp with
  apt-get install libapache-mod-suphp
• In the Apache config, I put the lines:
  

  LoadModule suphp_module /usr/lib/apache/1.3/mod_suphp.so
  suPHP_Engine on

  and

  <VirtualHost *>
  ServerName php.mandelson.org
  DocumentRoot /home/jlmphp/www/data/
  </VirtualHost>

  The first set turns suphp on, the second set makes a virtual host “php.mandelson.org” with its own www directiory in jlmphp’s homedir.

• Made a CNAME aliasing php.mandelson.org to mandelson.org, so that when you look up php.mandelson.org you get this server.
• Changed the blog address to be http://php.mandelson.org/wordpress/
• In the .htaccess file for jlmphp, put
  

  AddHandler x-httpd-php .php

  (which tells Apache to use suphp for .php files in this directory), and put in redirects from the old blog address to the new.

• Made wp-config.php user-readable-only and change the passwords. (Which is the whole point!)