Tips & Tricks
WordPress Security Hacks
Hi guys this is my first post on wpcult the great site Austin built. Hope you guys find it usefull.
If you run a blog using the wordpress software then your blog is a target to hackers. Below I will list some hacks and just how they can help you keep your business/site safe.
The following is code to Block Bad Queries and protect your blog from malicious URL Requests.
Place the following code into a text file and name it what ever you like for example blockbadqueries.php upload it to your plugin folder and activate it in your wordpress admin just as you would any other Plugin
<?php
/*
Plugin Name: Block Bad Queries
Plugin URI: http://perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests/
Description: Protect WordPress Against Malicious URL Requests
Author URI: http://perishablepress.com/
Author: Perishable Press
Version: 1.0
*/
global $user_ID; if($user_ID) {
if(!current_user_can(‘level_10’)) {
if (strlen($_SERVER[‘REQUEST_URI’]) > 255 ||
strpos($_SERVER[‘REQUEST_URI’], “eval(“) ||
strpos($_SERVER[‘REQUEST_URI’], “CONCAT”) ||
strpos($_SERVER[‘REQUEST_URI’], “UNION+SELECT”) ||
strpos($_SERVER[‘REQUEST_URI’], “base64”)) {
@header(“HTTP/1.1 414 Request-URI Too Long”);
@header(“Status: 414 Request-URI Too Long”);
@header(“Connection: Close”);
@exit;
}
}
}
?>
This Great plugin was made by Jeff Starr of Digging into WordPress
Protecting your blog with .htaccess
.htaccess files have lots of possibilities. below is some code that will help protect your wordpress from modification of _REQUEST and/or GLOBALS and scripts injection.
This is real simple just paste the following code into your .htaccess file. Always make a backup of your .htaccess before editing, better to be safe.
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
Thanks to Oussama for this great hack
This little trick is really simple and easy. All you need to do is plug this line of code anywhere you would like to use the text.
<a onclick="return skypeCheck();" href="skype:austin.passy?call">Call me on Skype!</a>
That’s is, pretty simple huh? Just make sure you change skype:austin.passy to your user name!
Want a test? Well, please use the text button, as I was getting to many call’s and hangups: Call me on Skype! Message me on Skype!
Thanks to Shayne for this code!
Update:
I was reminded by Shayne that you will have to add this script into your header.php file:
<script type="text/javascript" src="http://download.skype.com/share/skypebuttons/js/skypeCheck.js"> </script>
That way if the user doesn’t have Skype, they will be prompted to download it if they would like :).
Tips & Tricks
How to: show/hide a widget in WordPress with jQuery
In a previous post I talked about how to show/hide a single div html code with a search inside. Today I’d like to show you how I implemented jQuery into my new theme.
As seen in the current theme, I am using jQuery to animate the show/hide or as known as the css style display: none;.
Since I am using a custom child theme on my site, and have Hybrid theme as my parent, the widgets or sidebar section is different than may be in your theme. But just apply the the style’s as follows to your theme.
First make sure that your WordPress site is calling jQuery, by plugging in this code into your header.php file above the <?php wp_head(); ?> text:
<?php wp_enqueue_script('jquery'); ?>
Then anywhere above the </head >, plug this code in:
<script type="text/javascript">
function toggleWidgets() {
$('#primary h3.widget-title').addClass('plus');
$('#primary h3.widget-title').click(function() {
$(this).toggleClass('plus').toggleClass('minus').next().toggle(180);
});
}
$(document).ready(function() {
toggleWidgets();
}
</script>
That’s it. Pretty simple huh.
So lets go over what the code does.
$('#primary h3.widget-title').addClass('plus');
This line finds all <h3> tags with the class widget-title inside the ID parameter of #primary and adds a class of plus.
Then
$('#primary h3.widget-title').click(function() {
$(this).toggleClass('plus').toggleClass('minus').next().toggle(180);
});
Will apply a click function. When the H3 tag is clicked it will remove the class plus and add the class minus.
Then the code that says .next will then toggle the “next” element after the <h3> title.
Tips & Tricks
How to: Create a fbshare.me shortcode
Social networks are everywhere. I am sure you’re on facebook. Well why not at a facebook share script to your site?
Don’t know PHP that well?
Well here is a simple way to add a share script like fbshare.me to your site, via shortcodes.
Paste the following code in your functions.php file in order to create your shortcode:
function fbshare_script() {
return '<div class="fbshare"><script src="http://widgets.fbshare.me/files/fbshare.js"></script></div>';
}
add_shortcode( 'fbshare', 'fbshare_script' );
Once done, you can display the facebook share button anywhere on your posts. In WordPress editor, make sure you are in HTML mode and insert the following: [fbshare].
When your post will be published, the shortcode will be replaced by the fbshare.me button.
How to: Add a contact me via Skype™ button
This little trick is really simple and easy. All you need to do is plug this line of code anywhere...
Review: WP-DBManager
This powerful plugin is a must-have for WordPress users. With WP-DBManager you can manage your WordPress database and allows you...
Welcome
Hello, welcome to a new WordPress community site. Join the ever growing and oh so popular WP Cult. Here we...
Top Membership plugins
Membership plugins/scripts for WordPress paid and free we will review them here today. Ultimate Membership Pro Ultimate Membership Pro is...
-
Pages4 months agoWrite For Us – Guest Post
-
Showcase4 months ago
StylizedWeb.com
-
News4 months ago
How to: Show/Hide any div box with jQuery in WordPress
-
Tips & Tricks3 months ago
Remove the title attribute using jQuery
-
Tips & Tricks1 week ago
How to: show/hide a widget in WordPress with jQuery
-
Plugins1 day ago
Top Membership plugins
-
Tips & Tricks4 months ago
Limit the characters that display on the_title
-
Guest Post2 days ago
The Top 10 Best Free Android Retro Games of all time
Pingback: Wordpress Belarus » Blog Archive » WordPress Security Hacks
Pingback: WordPress Security Hacks | WordPressPlanet.com
Andrew@BloggingGuide
March 10, 2010 at 2:18 am
Congratulations on your first post. It’s a really useful article. I run my blogs on wordpress and I know that it really means a lot for it to be protected. Will be trying your suggestions here. I am looking forward to your future posts. More Power!
Markus Thies
May 5, 2010 at 4:48 pm
Indeed, can just say the same as andrew. Very good start. Every active user of wp will like this article. I look forward for your ideas at wp 3 if its out 🙂
greez Markus
Pingback: Getting Your Wordpress Blog Optimized for the Search Engines … | Search Result Secrets
Steve
March 11, 2010 at 1:03 am
Thanks for this nice information Miguel. I have just started a new wordpress blog and I was looking for such tips to protect my blog from hackers.
Heru Kurniawan
March 11, 2010 at 8:40 pm
Yes, I think protecting our blog is very important..It can help keep my business/site safe.
miguel
March 11, 2010 at 11:59 pm
Thanks for the comments guys by the way Andrew got a interesting site there
Timmy
March 16, 2010 at 5:31 am
The best defense WordPress it’s protecting with .htaccess. Also, use the IP security.
dannydamnboy
March 27, 2010 at 7:37 am
this is a good start!
Gino @ Bioenergiser
March 28, 2010 at 11:52 pm
As the WordPress blog installation and maintenance is pretty easy people are widely using the WordPress. If it is easy to hack any WordPress it will affect many people badly so I found your post is very useful and could give warning to blog owners. Thanks for the excellent post.
AngelPixel25
March 29, 2010 at 12:10 am
A hacker does for love what others would not do for money
getjobfor
March 30, 2010 at 9:28 am
thanks for this tips!
THis help me much to get remove some annoying spam control and injection for some of my blogs 🙁
Car Loan 4u
March 31, 2010 at 8:13 am
So is it safe using wordpress anymore. We have already 2 website are currently with wordpress templates.
discount golf clubs for sale
March 31, 2010 at 8:37 pm
This is real simple just paste the following code into your .htaccess file. Always make a backup of your .htaccess before editing, better to be safe.
Read more: http://wpcult.com/wordpress-security-hacks/comment-page-1/#comment-4617#ixzz0jofgCq97
güzel oyunlar
April 3, 2010 at 3:30 am
I really liked. I wish you good work
Parissportifs
April 4, 2010 at 5:39 am
Thank you for this article.
Nice informations 😉
lodging sonoma
April 4, 2010 at 11:17 am
With the ever increasing popularity of blogging and wordpress in particular, it is to be expected that this will attract hackers on a large scale. The continual upgrades to the wp is a real but necessary pain. Thanks for publishing some of your solutions to these problems.
Wordpress
December 8, 2010 at 1:07 am
So is it safe using wordpress anymore. We have already 4 website are currently with wordpress templates. All it work good. That tips is good.
Bogdan
April 6, 2010 at 1:01 pm
a nice security plugin is WP Security Scan – http://wordpress.org/extend/plugins/wp-security-scan/ – it will help you finding some open doors
Pat
April 7, 2010 at 3:10 pm
Thanks for the tips, we just recently started our WordPress blog in January and I have been overwhelmed with the number of spam comments and have numerous security concerns. Looking forward to future posts!
Joe
April 8, 2010 at 7:49 pm
Thanks for that.
Wanted to say, people nowadays who are using scripts that are bought or available for free, completely ignore the fact that these scripts might actually be vulnerable, and think they are not because some company makes them.
A successful webmaster should always put security on the top of his priorities, update his software and check it for vulnerabilities regularly.
Artist Website
April 9, 2010 at 12:50 am
Thanks for that! I always appreciate not having to upload another plugin : )
Lead Solutions
April 10, 2010 at 2:54 pm
Thanks been looking for some more protection for our blog – always hard to keep up with this sort of thing. Will it work for V3?
Praveen
April 12, 2010 at 6:55 am
Wow!!! Nice Stuff buddy…..
Recently there is a attack over WordPress Blogs by Hackers.The saddest part is exploited security Hole not yet Identified,
Dirty Attack Over Hundreds Of WordPress Blogs
http://www.techpraveen.com/2010/04/dirty-attack-over-hundreds-of-wordpress.html
ip adresim
April 14, 2010 at 1:52 am
is it really works?
on hold messages
April 14, 2010 at 9:51 pm
Great article with some very useful information. I will be implementing much of it as soon as I am done commenting.
Guy
April 14, 2010 at 11:22 pm
Thanks for the post~ keep posting…
Bud
April 15, 2010 at 11:05 pm
How to install stats counters, widgets, customisation of blog theme etc.
Jon
April 16, 2010 at 8:20 am
I never had any problems until I started using WP. Don’t get me wrong I still really like it as a platform for blogging, but so far no hacking issues, just some other stuff.
Marco
April 16, 2010 at 6:04 pm
thanks! his article is very useful. I’ve seen pages where hackers have hacked in and promote other sites or business, your tips should help people stay secure with wordpress
providenz
April 18, 2010 at 6:00 am
Thanks, I didn’t know this trick
Malibu Rum
April 19, 2010 at 6:42 am
Thanks for the information, some quite awesome words in this post.
chat
April 19, 2010 at 8:33 am
Yes, I think protecting our blog is very important..
Read more: http://wpcult.com/wordpress-security-hacks/#ixzz0lYplN0o5
janice
April 21, 2010 at 5:55 am
This is a nice post 🙂
I could not believe that this hacking thing is really happenning…
Great job!
-janice @ small business SEO
Haftpflichversicherung Pferd
April 21, 2010 at 10:43 am
Didn’t know about the security issues with WordPress. Will upload your code right now. Cool that I can just upload some php script and activate it like a plugin.
Yeah congratz on your first post here I am sure you will do a great job too.
Meditation Ebooks
April 26, 2010 at 1:13 am
These are pretty good hack for the security of wordpress blogs. I will try it in my blog. Thanks for sharing
Matt
April 28, 2010 at 8:49 am
Congratulations on your first post, what a great article to start with, most useful for wannbe bloggers so thanks for sharing.
Rich
April 28, 2010 at 3:07 pm
I’ve been using WordPress for my blogs and knowing that there are possibilities that it could be hack by someone. Then, your post is such a big help for me to do some security with my blogs. I should be thankful for your useful information. 😉
Vehicle Transport
April 29, 2010 at 1:56 pm
Great advice, Miguel. I recently transferred from Blogger to WordPress because of the hacker and spamming problems that I was having.
Jason Acidre
May 6, 2010 at 12:52 am
Hey there Miguel, just want to ask if these codes will also work on joomla 1.5 platform, since it’s in php? Congratulations on your first post here by the way.
PHP programmer
May 6, 2010 at 3:52 am
i always appreciate it….
very good…..
delensof
May 6, 2010 at 5:58 am
totally agree with you.
mixed martial arts equipment
May 9, 2010 at 11:50 pm
hi
Excellent one.
Very useful information.
Thanks for sharing.
Towing New York
May 10, 2010 at 5:09 pm
the hack is fixed,
I even got an email from Godaddy telling me to upgrade my WP.
Net Age | Web Design
May 11, 2010 at 1:07 am
Welcome Miguel! Your first post is a goodie, and what better subject to look at than security. If you leave the back door open you may turn around to find the pantry empty! Nobody deserves that, and paying attention to your security at home as well as on your website is a must to prevent unauthorized access and subsequent damages or losses.
I’ll keep my eyes open for future posts from you. Enjoy, and good luck with your blogging. Writing is inspiring and sharing your knowledge with others is very gratifying.
Thomas
May 12, 2010 at 6:23 am
Hi!
My Blog was hacked a few months ago. This deleted my footer.php and instead I got a footer.php with only invisible Spamlinks in it.
I don’t know how long this file has been on my blog because it didn’t attract any attention from me. Who takes daily care about his page footer?
So my question: are the above mentioned queries the only one which can cause problems?
porno
May 14, 2010 at 10:05 am
Thank you for this information was good
Werbeagentur
May 17, 2010 at 2:17 pm
Thanks been looking for some more protection for our blog – always hard to keep up with this sort of thing. Will it work for V3?
Trailers for Sale
May 18, 2010 at 3:37 am
Place the following code into a text file and name it what ever you like for example blockbadqueries.php upload it to your plugin folder and activate it in your wordpress admin just as you would any other Plugin
Karen
May 18, 2010 at 11:36 pm
Great post and I found it very useful. I also run my blog on wordpress and I’ll take your suggestions to use.
Atish
May 21, 2010 at 1:59 am
Wow!!!
It’s a good lesson about hackings.great!!!
how to hackers have hacked other business sites and other…….