If you notice product variations, tax rates and other large data sets not saving, Suhosin (a security module in PHP) may be preventing the POST data from being saved. This issue can also be caused by servers with version PHP 5.3.9+ and servers running mod_security.

Configuring Suhosin

If enabled, Suhosin may need to be configured to increase its data submission limits. Changing Suhsoin settings differ from host to host so it’s usually better to consult with the provider than attempt it yourself, however some hosts allow you to change settings via php.ini, suhosin.ini, or .htaccess. Commonly, the following vars will need changing:

suhosin.post.max_array_index_length = 256
suhosin.post.max_totalname_length = 65535
suhosin.post.max_vars = 1024
suhosin.post.max_name_length = 256
suhosin.request.max_varname_length = 256
suhosin.request.max_array_index_length = 256
suhosin.request.max_totalname_length = 65535
suhosin.request.max_vars = 1024

After saving you will need to restart the server for the changes to take effect. See http://www.hardened-php.net/suhosin/configuration.html for more information on Suhosin settings.

In shared hosting environments it may not be possible to edit php.ini, in which case you may be able to set the suhosin settings via .htaccess:

php_value suhosin.max_array_index_length 256
php_value suhosin.post.max_array_index_length 256
php_value suhosin.post.max_totalname_length 65535
php_value suhosin.post.max_vars 1024
php_value suhosin.post.max_name_length 256
php_value suhosin.request.max_varname_length 256
php_value suhosin.request.max_array_index_length 256
php_value suhosin.request.max_totalname_length 65535
php_value suhosin.request.max_vars 1024

It is still recommended however to consult your hosting providers documentation, or raise a ticket with them for assistance.

If you use non-latin characters, you may want to increase the following value from the default 64. This will help with issues with non-latin characters.

suhosin.request.max_varname_length = 256

PHP 5.3.9+ and max_input_vars

Newer versions of PHP implement a php.ini directive called max_input_vars usually set to 1000. This means that posting > 1000 form fields for instance would be truncated  preventing data from being saved.

This can be changed in php.ini:

max_input_vars = 2000

If you need to do this via htaccess (on a shared host for instance) you may use:

php_value max_input_vars 2000

Mod_security

Mod_security can also prevent data saving; you may experience error 503’s if this is the case. As with the above issues, you may want to contact your host to help resolve this. Workarounds include:

• Configuring mod_security to allow the data through (advanced)
• Disabling mod security by IP
• (Dreamhost only) Turn the “Extra web security” setting off in the control panel.

References:
http://www.nivas.hr/blog/2012/04/04/beware-of-max_input_vars-php-ini-configuration-option/

https://shopplugin.net/kb/unable-to-save-products-with-large-amount-of-variations/

WP Max Submit Protect

To verify that you are really experiencing the issue describe in this document, you can temporarily install and activate this free plugin: WP Max Submit Protect.

WPEngine

If your site is hosted on WPEngine, you can also solve this issue by disabling object caching directly from your WordPress administration:

This settings can be changed from the main WPEngine menu: