WordPress Security Hacks
Hi guys, this is my first post on wpcult, the great site Austin built. Hope you guys find it useful.
If you run a blog using the WordPress software, then your blog is a target for hackers. Below I will list some hacks and how they can help you keep your business/site safe.
The following code blocks bad queries and protects your blog from malicious URL requests: it answers with a 414 status when the request URI is longer than 255 characters or contains eval(, CONCAT, UNION+SELECT or base64.
Place the following code into a text file, name it whatever you like (for example blockbadqueries.php), upload it to your plugin folder and activate it in your WordPress admin just as you would any other plugin.
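<?php
/*
Plugin Name: Block Bad Queries
Plugin URI: http://perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests/
Description: Protect WordPress Against Malicious URL Requests
Author URI: http://perishablepress.com/
Author: Perishable Press
Version: 1.0
*/
// As written, the checks run only when $user_ID is set (a logged-in user)
// and that user does not have the level_10 (administrator) capability.
global $user_ID;
if ($user_ID) {
	if (!current_user_can('level_10')) {
		// Reject over-long URIs and URIs containing these case-sensitive tokens.
		// strpos() returns a position, so compare against false explicitly.
		if (strlen($_SERVER['REQUEST_URI']) > 255 ||
			strpos($_SERVER['REQUEST_URI'], "eval(") !== false ||
			strpos($_SERVER['REQUEST_URI'], "CONCAT") !== false ||
			strpos($_SERVER['REQUEST_URI'], "UNION+SELECT") !== false ||
			strpos($_SERVER['REQUEST_URI'], "base64") !== false) {
			// Answer with 414 and stop before WordPress handles the request.
			@header("HTTP/1.1 414 Request-URI Too Long");
			@header("Status: 414 Request-URI Too Long");
			@header("Connection: Close");
			exit;
		}
	}
}
?>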
This great plugin was made by Jeff Starr of Digging into WordPress.
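The plugin compares the raw request URI against case-sensitive literals. The following added example (not part of the Block Bad Queries plugin; `bbq_find_bad_token()` is a hypothetical name, and the WordPress wiring is left out) normalizes the URI before matching and checks the result against constructed sample URIs from the command line.

```php
<?php
// Added example, not part of the Block Bad Queries plugin.
// bbq_find_bad_token() is a hypothetical helper name.

/**
 * Return the rule that a request URI trips, or null when it is clean.
 * The URI is URL-decoded and case-folded before matching, so the token
 * list is compared against what the application will eventually see.
 */
function bbq_find_bad_token(string $uri, int $maxLen = 255): ?string
{
    // Same length limit as the plugin, measured on the raw URI.
    if (strlen($uri) > $maxLen) {
        return 'length';
    }
    // Decode %XX escapes, treat "+" as a space, and fold case.
    $norm = strtolower(str_replace('+', ' ', rawurldecode($uri)));

    // The plugin's four tokens, written in normalized (lower-case) form.
    foreach (['eval(', 'concat', 'union select', 'base64'] as $token) {
        if (strpos($norm, $token) !== false) {
            return $token;
        }
    }
    return null;
}

// Constructed sample URIs (not real traffic) and the expected verdict.
$samples = [
    '/?p=42'                              => null,
    '/?cat=3&paged=2'                     => null,
    '/?id=1+UNION+SELECT+1'               => 'union select',
    '/?id=1%20union%20select%201'         => 'union select',
    '/?cb=EVAL%28x%29'                    => 'eval(',
    '/2011/10/base64-encoding-explained/' => 'base64',   // false positive
    '/?s=' . str_repeat('a', 300)         => 'length',
];

$failures = 0;
foreach ($samples as $uri => $expected) {
    $got = bbq_find_bad_token($uri);
    printf("%-40.40s %s\n", $uri, $got ?? 'ok');
    if ($got !== $expected) {
        $failures++;
    }
}
exit($failures === 0 ? 0 : 1);
```

Case-folding widens the match, so ordinary permalinks that contain a token (the base64 slug above) are rejected too; test against your own URL structure before enabling a filter like this.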
Protecting your blog with .htaccess
.htaccess files have lots of possibilities. Below is some code that will help protect your WordPress site from modification of _REQUEST and/or GLOBALS and from script injection.
This is really simple: just paste the following code into your .htaccess file. Always make a backup of your .htaccess before editing; better to be safe.
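Options +FollowSymLinks
RewriteEngine On
# Block <script> tags in the query string, literal or URL-encoded
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block attempts to set GLOBALS or _REQUEST through the query string
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|%[0-9A-Z]{0,2})
# Answer matching requests with 403 Forbidden
RewriteRule ^(.*)$ index.php [F,L]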
Thanks to Oussama for this great hack.
July 10, 2011
11:40 pm
Good post. Keep continuing to post. I like your writing style. Thanks for sharing.
July 12, 2011
4:16 pm
Nice article, great first post. Very informative, and congrats on becoming the new site owner.
July 14, 2011
3:27 pm
This article is from 2010 and all the information is valid in 2011. You got a really nice blog and I’ll bookmark it to read all the articles.
July 25, 2011
4:00 am
That’s very bad news that my WordPress blog is at risk of being hacked :/ You are doing a great job by informing us about such danger.
July 25, 2011
7:33 am
Thank you very interesting.
August 2, 2011
4:35 pm
Thanks for the code. I have been looking for something to block bad queries and protect my blogs from malicious URL requests.
August 2, 2011
9:22 pm
Good research Miguel
great work you have done
August 5, 2011
3:18 am
Great! What a blog, man. I found it really interesting and I am going to bookmark this. Don’t quit posting, you are a writer… :-)
August 7, 2011
7:34 am
good words
thank you
August 8, 2011
4:16 am
This post provides best security for my WordPress Plugin to avoid the hacking.. I am just using this code right now..
August 9, 2011
4:08 am
great article, you should write more often! keep it up
August 18, 2011
9:34 pm
I’m fully satisfied with the post on how to remove the hacking or not to hacking the WordPress because it results in a negative effect. We will be careful about that.
August 21, 2011
9:39 am
When I had my hosting company, one of my client’s blogs kept getting hacked. I fixed it half a dozen times before I told him that he has to fix his own issues – pointed him to posts like this around the internet.
Good stuff!
August 24, 2011
1:19 am
Always looking for security info. This is still up-to-date.
Much appreciated, bookmarked, rt’d, fb’d, and dugg.
August 26, 2011
5:45 am
Yes, website security is very important, and I have a WordPress blog too, thanks for the post.
September 2, 2011
10:53 pm
Nice first post! I’ve used Block Bad Queries in a couple of blogs and it worked exceptionally well. I like plugins that require minimal configuration! Thanks!
September 7, 2011
4:31 pm
It’s been a while since I read such a nice article just like this.
September 7, 2011
4:35 pm
Interesting article. Great job for this site.
September 10, 2011
1:30 am
This is very interesting, You’re a very skilled blogger. I have joined your rss feed and look forward to seeking more of your great post. Also, I have shared your site in my social networks!
September 21, 2011
4:38 am
Really good article, good to know about these security issues with my blog.
September 21, 2011
4:32 pm
Thanks this is very useful. I will use this for all of my blogs.
September 24, 2011
3:28 am
thanks for sharing!!!
October 11, 2011
5:38 pm
Nice code. I will try it.
October 11, 2011
10:23 pm
Great article. It is always good to add in extra layers of safety, especially when it comes to protecting your business or name.
October 13, 2011
2:39 am
I am an electrical & electronics engineer, and I am thinking about joining APPIN institute of ethical hacking & IT security because I am interested in this field, so will there be better career options for me in this field after having an international diploma certification in ethical hacking?
October 17, 2011
5:30 am
Great post, and hope you keep writing for the site. We are moving our site to WordPress so will be implementing these tips to keep it secure.
October 18, 2011
10:21 pm
Thank you for the code, I was looking for something like this for long. My website has been hacked once and I needed something urgently to safeguard it, shall try this. Thanks!
October 19, 2011
3:33 am
Thank you for sharing this tool. Now I know that I’m in a safe hand. More Power!
Rob Benwell
October 23, 2011
12:00 pm
This has happened to me once before. Thanks for sharing this information, it’s always good to be cautious about these things and keep our websites protected. For a lot of people it’s their livelihood!
October 24, 2011
5:19 am
Hey, thanks for the good tips. Am always in search of good safety information for WordPress. They are easy to implement even for beginners.
October 25, 2011
8:34 am
Your postings are really very informative, that’s why I can’t help myself but come back and see what you posted again for me to gain knowledge. Thank you.
October 26, 2011
5:30 am
I was hacked once and since then I started paying more attention to security!
So thanks for this post. I will implement it right away!
October 26, 2011
11:29 pm
Very informative, thanks a lot.
October 28, 2011
2:13 am
This is a great post, very useful! I think I will improve my website security…
October 30, 2011
3:03 pm
Thanks for the great info on protecting my blog!
October 30, 2011
8:59 pm
I think I have to improve my web security ASAP.
October 31, 2011
11:14 pm
thanks for sharing the article, this is very useful for us
November 1, 2011
3:53 am
Very useful post to protect the WordPress blog. Curious to know more about WP with you in your blog.
November 10, 2011
12:59 am
Yeah, well, ya shoulda been there! Oh, and thanks for the compliment and a tip o’ the hat to ya!
November 15, 2011
8:36 am
Yes, it is a pity the blogger doesn’t write more here. It is an interesting blog.
November 19, 2011
1:50 am
Hi blogger,
I think I’m *wrongly* blacklisted by Akismet or similar, so I searched for information online and I found two solutions: contact Akismet (almost always unanswered), and contact the bloggers to ask to be removed from their spam queue.
Sites that are erroneously intercepted by Akismet are:
http://www.giuseppespinelli.it
and
http://www.webdirectoryitaliana.it
The first is an authoritative website, owned by a maxillo-facial surgeon, Dr. Giuseppe Spinelli. It is in the top ten Google SERP for keywords like “chirurgia maxillo facciale” (in English it means: maxillo facial surgery), “rinoplastica” (in English it means: rhinoplasty), “blefaroplastica” (in English it means: blepharoplasty) and others.
The second is my social bookmarking website, on the second page of Google for the “social bookmarking” keyword.
I’m contacting all bloggers who use Akismet where I posted my comments to ask if they can remove me from their spam queue. So, if you have Akismet or some similar plugin on your blog, I ask you if you can remove my comments from your spam folder. I would be very grateful for that.
I have commented on your blog here: http://wpcult.com/wordpress-security-hacks/
Thanks for your time
PS: I tried to contact you from the contact form but captcha doesn’t work.
Greetings
Alessandro Simoni
November 22, 2011
9:22 am
Hi, thanks for this great information. Though I haven’t been hacked, I think WordPress itself is working on this issue too. I liked the code you shared and I will definitely use it.
December 3, 2011
2:02 am
Looking forward to the day when we don’t have to worry about being hacked. Eternal security is available for anyone who searches it out. No 777 Permissions! New release of WordPress? Install it! Don’t trust pirated Premium Themes, if it sounds too good to be true…
December 9, 2011
12:50 am
Nice article for the first one
And a nice way to get rid of those malicious URL Requests. Looking forward to read more from you in the next time.
December 12, 2011
4:17 am
Thanks. Your article is very useful.
December 13, 2011
3:17 pm
Nice tips, but updating WordPress will resolve the bugs.
December 14, 2011
1:47 am
Really much helpful. Thanks for posting.
December 14, 2011
10:31 pm
I agree with Jorge. Useful stuff. Will definitely check out more!