Tips & Tricks
WordPress Security Hacks
Hi guys this is my first post on wpcult the great site Austin built. Hope you guys find it usefull.
If you run a blog using the wordpress software then your blog is a target to hackers. Below I will list some hacks and just how they can help you keep your business/site safe.
The following is code to Block Bad Queries and protect your blog from malicious URL Requests.
Place the following code into a text file and name it what ever you like for example blockbadqueries.php upload it to your plugin folder and activate it in your wordpress admin just as you would any other Plugin
<?php
/*
Plugin Name: Block Bad Queries
Plugin URI: http://perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests/
Description: Protect WordPress Against Malicious URL Requests
Author URI: http://perishablepress.com/
Author: Perishable Press
Version: 1.0
*/
global $user_ID; if($user_ID) {
if(!current_user_can(‘level_10’)) {
if (strlen($_SERVER[‘REQUEST_URI’]) > 255 ||
strpos($_SERVER[‘REQUEST_URI’], “eval(“) ||
strpos($_SERVER[‘REQUEST_URI’], “CONCAT”) ||
strpos($_SERVER[‘REQUEST_URI’], “UNION+SELECT”) ||
strpos($_SERVER[‘REQUEST_URI’], “base64”)) {
@header(“HTTP/1.1 414 Request-URI Too Long”);
@header(“Status: 414 Request-URI Too Long”);
@header(“Connection: Close”);
@exit;
}
}
}
?>
This Great plugin was made by Jeff Starr of Digging into WordPress
Protecting your blog with .htaccess
.htaccess files have lots of possibilities. below is some code that will help protect your wordpress from modification of _REQUEST and/or GLOBALS and scripts injection.
This is real simple just paste the following code into your .htaccess file. Always make a backup of your .htaccess before editing, better to be safe.
Options +FollowSymLinks RewriteEngine On RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index.php [F,L]
Thanks to Oussama for this great hack
Tips & Tricks
Add a shortcode
This is a simple one.
/** * Your Blog title * */ function my_blog_title() { $blogname = get_bloginfo('name'); return '<span class="blog-title">' . $blogname . '</span>'; } add_shortcode('blog-title', 'my_blog_title');
Just add this to your functions.php file and then add [blog-title] in any post or page and it will return your Blog Title. :)
Tips & Tricks
Adding a external file after the first post
How might you display a Google ad after the first post or anything you like? It is very simple. You just need to add the variable $loopcounter
in the Loop. If the $loopcounter
is less than or equal to 1, then include your option. Check out the code:
<?php if (have_posts()) : while (have_posts()) : the_post(); $loopcounter++; ?> // your loop <?php if ($loopcounter <= 1) { include (STYLESHEETPATH . '/you-file.php'); } ?> <?php endwhile; ?> <?php else : ?> <?php endif; ?>
Pretty simple huh. Well in the $loopcounter
line, you may change the include to point to any file or maybe a custom widget like so:
<?php if ($loopcounter <= 1) { dynamic_sidebar( 'Plus Post' ); } ?>
Or use your code directly in between the {
& }
.
Tips & Tricks
A simple way to query posts
Here is a simple way to call query_posts
with an array of options. For all options you my use visit: WordPress Codex.
<?php $my_query = array('showposts' => 4, 'post__not_in' => $do_not_duplicate); ?> <?php query_posts($my_query); ?>
-
Pages1 month ago
Write For Us – Guest Post
-
Showcase2 months ago
StylizedWeb.com
-
News1 month ago
How to: Show/Hide any div box with jQuery in WordPress
-
Tips & Tricks2 weeks ago
Remove the title attribute using jQuery
-
Tips & Tricks3 months ago
How to: show/hide a widget in WordPress with jQuery
-
Plugins3 months ago
Top Membership plugins
-
Tips & Tricks2 months ago
Limit the characters that display on the_title
-
Tips & Tricks5 months ago
Remove spaces when echoing the_title