How to protect your WordPress blog from script injections?


How to protect your WordPress blog from script injections?

Protecting dynamic websites is especially important. Most developers always protect their GET and POST requests, but sometimes this is not enough. We should also protect our blog against script injections and any attempt to modify the PHP GLOBALS and _REQUEST variables.

The following code blocks script injections and any attempts to modify the PHP GLOBALS and _REQUEST variables. Paste it in your .htaccess file (located in the root of your WordPress installation). Make sure to always back up the .htaccess file before modifying it.

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

Using the power of the .htaccess file, we can check requests. What we’ve done here is check whether the request contains a <script> and whether it has tried to modify the value of the PHP GLOBALS or _REQUEST variables. If any of these conditions are met, the request is blocked and a 403 error is returned to the client’s browser.

By | On Tuesday, July 13th, 2010 | Under How To's, Security | 5 Comments »


DO YOU NEED OUR HELP?

Contact our experts, most of the time we assist our readers free of charge.

Those who found this page were searching for:

  • how to protect wordpress from script injections:
  • protecting wordpress from script injection
  • wordpress plugin script injection
  • how to check if blog script is protected
  • "script injection bot"
  • wp protection for script injection
  • script injection bot + wordpress
  • protect php code wordpress
  • how to protect script wordpress
  • script comment to wordpress blog
  • I am doing CPA site. but income is not very steady. Now i am also building CPC sites. not earn much money now.

  • Looks your site is new. do you do keywords research before you post. Technology website always get a ton of traffic, but the CPC is lower.

    • Hi John,

      Yes, this site is brand new, less than a month old. Personally I have a number of websites and they are making good money with CPC advertisements. But my planning with WP Rockers is to promote our WordPress related services and direct advertisement.

      Thanks for your comment.

  • My wordpress is hacked last month. btw, i like your thesis skin.

    • Hello John,

      Sorry to hear about the incident. I hope you have recovered your blog successfully. Maintaining WordPress security is not too hard; just need to keep updating WordPress, plugins etc. This security also depends on hosting facilities as well.

      Thanks for the comment.

Previous post:

Next post: