Adding a WSS UsernameToken with the native PHP SoapClient is pretty straight forward (Mind you, this is just the plain text credentials so you should use transport security). Here is the usage:

$wsdl = "https://services.yada.net/Yada.svc?wsdl";

// Or 'soap_version' => SOAP_1_1 if your using SOAP 1.1
$options = array(
    'location' => 'https://services.yada.net/Yada.svc',
    'soap_version' => SOAP_1_2);

$client = new SoapClient($wsdl, $options);

// Add the WSS username token headers
AddWSSUsernameToken($client, 'tony', 'clifton');

try
{
    $client->GetVersion();

    echo str_replace('>', '>
'
, str_replace('<', '<', str_replace('&', '&', $client->__getLastResponse()))); } catch(Exception $e) { echo $e; }

Here is the implementation:

function AddWSSUsernameToken($client, $username, $password)
{
    $wssNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    
    $username = new SoapVar($username, 
                            XSD_STRING, 
                            null, null, 
                            'Username', 
                            $wssNamespace);
                            
    $password = new SoapVar($password, 
                            XSD_STRING, 
                            null, null, 
                            'Password', 
                            $wssNamespace);
    
    $usernameToken = new SoapVar(array($username, $password), 
                                    SOAP_ENC_OBJECT, 
                                    null, null, 'UsernameToken', 
                                    $wssNamespace);
                            
    $usernameToken = new SoapVar(array($usernameToken), 
                            SOAP_ENC_OBJECT, 
                            null, null, null, 
                            $wssNamespace);
    
    $wssUsernameTokenHeader = new SoapHeader($wssNamespace, 'Security', $usernameToken);
    
    $client->__setSoapHeaders($wssUsernameTokenHeader); 
}