WordPress Security Hacks
Hi guys, this is my first post on wpcult, the great site Austin built. Hope you guys find it useful.
If you run a blog using the WordPress software, then your blog is a target for hackers. Below I list some hacks and just how they can help you keep your business/site safe.
The following code blocks bad queries and protects your blog from malicious URL requests.
Place the following code into a text file and name it whatever you like, for example blockbadqueries.php. Upload it to your plugin folder and activate it in your WordPress admin just as you would any other plugin.
<?php
/*
Plugin Name: Block Bad Queries
Plugin URI: http://perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests/
Description: Protect WordPress Against Malicious URL Requests
Author URI: http://perishablepress.com/
Author: Perishable Press
Version: 1.0
*/
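// The checks below run only for a logged-in user who is not an administrator (level_10).
global $user_ID;
if ($user_ID) {
    if (!current_user_can('level_10')) {
        // Reject over-long request URIs and URIs containing strings typical of injection attempts.
        if (strlen($_SERVER['REQUEST_URI']) > 255 ||
            strpos($_SERVER['REQUEST_URI'], "eval(") ||
            strpos($_SERVER['REQUEST_URI'], "CONCAT") ||
            strpos($_SERVER['REQUEST_URI'], "UNION+SELECT") ||
            strpos($_SERVER['REQUEST_URI'], "base64")) {
            // Answer with 414 and stop before WordPress handles the request.
            @header("HTTP/1.1 414 Request-URI Too Long");
            @header("Status: 414 Request-URI Too Long");
            @header("Connection: Close");
            @exit;
        }
    }
}
?>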
This great plugin was made by Jeff Starr of Digging into WordPress.
Protecting your blog with .htaccess
.htaccess files have lots of possibilities. Below is some code that will help protect your WordPress site from modification of _REQUEST and/or GLOBALS and from script injection.
This is really simple: just paste the following code into your .htaccess file. Always make a backup of your .htaccess before editing; better to be safe.
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
Thanks to Oussama for this great hack
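To see what the three RewriteCond patterns match before putting them on a live site, the sketch below re-creates them with Python's re module and runs them over a few query strings. It is an added example, not part of the original post or of the snippet credited above; the rule names, function names and sample query strings are constructed for illustration, and the bracket in the GLOBALS/_REQUEST patterns is written escaped as \[.

```python
import re

# The three RewriteCond patterns from the .htaccess rules above.
# mod_rewrite tests %{QUERY_STRING} as sent (not URL-decoded), which is why
# the first rule lists both the literal brackets and their %3C / %3E forms.
RULES = [
    # [NC] makes only this first condition case-insensitive.
    ("script-tag", re.compile(r"(<|%3C).*script.*(>|%3E)", re.IGNORECASE)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|%[0-9A-Z]{0,2})")),
]


def matched_rule(query_string):
    """Return the name of the first rule that would trigger [F] (403), or None."""
    for name, pattern in RULES:
        # RewriteCond patterns are unanchored, so search() is the equivalent.
        if pattern.search(query_string):
            return name
    return None


# Constructed sample query strings (illustrative, not taken from real traffic).
SAMPLES = [
    "p=42&preview=true",             # ordinary WordPress request
    "s=javascript+tutorial",         # contains "script" but no angle brackets
    "note=see+GLOBALS+docs",         # mentions GLOBALS without =, [ or %
    "s=%3Cscript%3Ex%3C/script%3E",  # encoded script tag
    "GLOBALS[x]=1",                  # attempt to set a GLOBALS key
    "_REQUEST%5Bfoo%5D=bar",         # same idea with an encoded bracket
]


def audit(samples=SAMPLES):
    """Map each sample query string to the rule that blocks it (or None)."""
    return {qs: matched_rule(qs) for qs in samples}


if __name__ == "__main__":
    for qs, rule in audit().items():
        verdict = "403 " + rule if rule else "pass"
        print(f"{verdict:<16} {qs}")
```

The first three samples pass, which confirms that ordinary searches containing the word "script" or "GLOBALS" are not blocked by mistake.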

February 15, 2011
3:56 am
Nice post, and it is very helpful for me; I have resolved many of my problems regarding WordPress security.
Thank you very much.
February 26, 2011
5:14 am
Hi Miguel, thanks for your tips. Surely I’ll implement your tips. Last year I had 1 blog attacked by a hacker. He deleted my posts and took over my blog. Lastly I had to delete everything and install everything again. I really hate hackers. – zack
February 27, 2011
5:19 pm
Thank you for the help. It is always rather frightening to think that your blog could be compromised by a malicious hacker.
Thanks,
Katherine
March 5, 2011
3:55 am
Nice job, really appreciate your work and thanks for this vital piece of information.
Keep up the good work !!!
March 6, 2011
3:38 pm
Ok, thanks for the information! I’ll secure my blog.
March 6, 2011
5:23 pm
It seems WordPress is the most hacked of blogs/websites out there. I use WordPress and seem to always get hit by these lurkers.
March 7, 2011
12:15 am
It’s sad to think that someone will go out of their way to hack into and mess up a website! I see this post is a year old; can I presume this is still a good and valuable way to keep people out? I guess there’s no reason why the code needs to be updated…. Cheers Ross
March 15, 2011
9:24 am
Hello, very nice post with useful tricks.
I’d have a question: do you think that could be useful to use .htaccess to block hotlinking of images? I noticed on my blog that there is a lot of traffic on some images (car models) and I suspect that someone is linking those images… do you think it is possible using .htaccess?
March 17, 2011
8:45 am
I think you have done a great job stepping in and taking over where the other previous owner had left off. Good Job.
March 18, 2011
7:54 am
Very useful tut, security is essential for WordPress!
March 25, 2011
3:40 am
I really need this, good information about WordPress plug-ins.
Thanks for sharing this article.
Keep it up.
Cheers!
March 27, 2011
3:24 am
Hi,
Great post, thanks for sharing.
March 27, 2011
11:21 am
Many thanks for the .htaccess tips, I just implemented it. Thanks!
March 28, 2011
7:39 am
Security, protecting our personal information is very important. It’s so accessible nowadays, we never know how and by whom it can be used. Thanks for the code.
March 30, 2011
2:01 pm
For a first time posting an article this is more than good! In fact I think this is great. Supplied me with some very useful information that I am going to use and that I never knew about until now! I’ve never had any of my WordPress blogs hacked before, thank god, but I have heard about many people who have had theirs hacked and now that is something I don’t have to worry about anymore. I’m gonna apply this to all of my WordPress blogs from here on out!
Thank you
P.S. Will this work on other blogs or only on WordPress blogs?
April 2, 2011
6:55 am
I have no idea what a ‘malicious URL request’ is either, however I have had a wordpress blog hacked before and it was a real hassle getting it back up and running again (luckily I had recent backups). So I am installing the plugin and hoping it can stop anything like that happening in future!
I’m not confident about editing the .htaccess file, but I’ll use the plugin.
K.
April 4, 2011
7:21 am
The Internet is not secure; if hackers managed to break into CIA and NASA accounts, be sure they can hack your blog, any way you protect it!
April 7, 2011
7:07 pm
thxadmins..
April 10, 2011
2:55 am
Problem is with the best hackers is they try to frame others
April 12, 2011
1:49 am
Thanks for the tips above. I really had no idea that a wp blog can be hacked this way. I am going to secure my blogs.
thanks
Steve
April 14, 2011
2:44 pm
Thanks for sharing this post, but I don’t agree with you.
April 19, 2011
8:58 pm
Great post and excellent advice for every blogger on security topics. Security is the key!
Thanks a lot from Argentina
April 21, 2011
7:58 am
I was hacked twice, and had a hard time putting pieces back together, being a non-techie added on the grief. Very nice Info, I will definitely use the code you posted.
April 27, 2011
7:57 am
I think this is a very helpful article which shows from top to bottom of hacking for WordPress blogs. Very informative and useful to beginners.
April 30, 2011
9:38 pm
I’m not sure I understand all of this but I will follow your instructions to get some protection. Thanks much.
May 3, 2011
9:10 am
Thank you for this! Recently came under attack and it was not fun, had to get my host involved over a simple WordPress security flaw.
May 5, 2011
12:35 am
Guys like you are smart, how come WordPress does not listen to you?
May 6, 2011
5:10 pm
I found this information useful, especially for my blog. Thanks
May 18, 2011
12:11 pm
I’m having no end of problems with my WordPress blog. I think it may have been something I’d done rather than a virus or hack. Will play with it and will let you know if I fix it.
May 20, 2011
6:27 pm
nice work, you work a lot on your posts!
May 20, 2011
6:31 pm
nice work, you work a lot on your posts!. carry on
May 20, 2011
6:36 pm
nice work, you work a lot on your posts! i hope want to more good in future
May 23, 2011
12:33 pm
I see this post is old so not sure if this is gonna save. Quick question: was the first script a plugin? Should I follow that link and get a plugin there? And the 2nd, the .htaccess; is that an alternative – just choose one or the other?
And if I use the .htaccess, does it matter where it is in that file; does it need to be first?
Thanks in advance.
May 23, 2011
3:56 pm
Thanks. I never thought of using the .htaccess in that way. That’s extremely helpful!
May 25, 2011
1:45 am
Thanks for sharing. Nice job
May 26, 2011
1:25 am
Great first post! Congrats!
May 27, 2011
7:26 am
Nice tips and trick.
I like this blog.
May 28, 2011
6:44 am
Welcome to the site. And you are right about hacking. Nowadays hacking is becoming more and more common.
May 31, 2011
9:35 am
Thanks for the wordpress tips. I will use these for sure!
June 7, 2011
2:32 am
I was looking for such information for a long time and I am glad that I finally came here! Thanks for sharing the such information with us.
June 10, 2011
7:57 am
It seems that I’ve already installed that plugin. By the way thanks for the info. Looking for more related posts.
June 10, 2011
1:36 pm
I’ve ever commented here, but have been reading and following your posts for almost one year.
Thanks for all the valuable information you spread through your posts and hope you continue to do the great job.
June 14, 2011
11:31 am
Hi,
Excellent blog, congratulations.
Regards
Peter
June 21, 2011
5:52 pm
I was a victim few months back on one of my sites…. but later discovered that reasons were more about me and not WP… anyways nice info… Hail Open Source, long live WP….!
June 24, 2011
4:48 pm
Congrats on your first post!
June 27, 2011
11:26 am
I love to read the articles on wpcult… but don’t like it when some others write it instead of admin…
July 4, 2011
12:49 am
WordPress is a safe script anyway. But your code will improve this. Thanks, I will use it.