Connect with us

Tips & Tricks

WordPress Security Hacks

Published

on

Hi guys this is my first post on wpcult the great site Austin built.  Hope you guys find it usefull.

If you run a blog using the wordpress software then your blog is a target to hackers.  Below I will list some hacks and just how they can help you keep your business/site safe.

The following is  code to Block Bad Queries and protect your blog from malicious URL Requests.

Place the following code into a text file and name it what ever you like for example blockbadqueries.php upload it to your plugin folder and activate it in your wordpress admin just as you would any other Plugin

<?php
/*
Plugin Name: Block Bad Queries
Plugin URI:
http://perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests/
Description: Protect WordPress Against Malicious URL Requests
Author URI:
http://perishablepress.com/
Author: Perishable Press
Version: 1.0
*/
global $user_ID; if($user_ID) {
  if(!current_user_can(‘level_10’)) {
    if (strlen($_SERVER[‘REQUEST_URI’]) > 255 ||
      strpos($_SERVER[‘REQUEST_URI’], “eval(“) ||
      strpos($_SERVER[‘REQUEST_URI’], “CONCAT”) ||
      strpos($_SERVER[‘REQUEST_URI’], “UNION+SELECT”) ||
      strpos($_SERVER[‘REQUEST_URI’], “base64”)) {
        @header(“HTTP/1.1 414 Request-URI Too Long”);
 @header(“Status: 414 Request-URI Too Long”);
 @header(“Connection: Close”);
 @exit;
    }
  }
}
?>

 This Great plugin was made by Jeff Starr of Digging into WordPress

 

 

Protecting your blog with .htaccess 

.htaccess files have lots of possibilities. below is some code that will help protect your wordpress from modification of _REQUEST and/or GLOBALS and scripts injection.

 This is real simple just paste the following code into your .htaccess file. Always make a backup of your .htaccess before editing, better to be safe.

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

 

Thanks to Oussama for this great hack

Continue Reading
243 Comments

243 Comments

  1. Pink Magic

    February 2, 2011 at 3:02 pm

    Internet security in general is often overlooked, especially with WordPress. I’ve been the victim of two WordPress hacks through various security holes!

  2. Henri Labelle

    February 3, 2011 at 6:32 pm

    Thanks for this tip, I’ll use it right now!!

  3. Symptoms of Depression

    February 7, 2011 at 8:43 pm

    Yea, I know a number of people who have had their wp sites hacked. That is why I try to get everything set up properly from the very beginning to avoid any nasty surprises. I find that a couple of plugins work well, wp-security scan and wp malwatch. If you are running wp you should definitely install those.

  4. Milwaukee SEO

    February 10, 2011 at 10:02 pm

    Great roundup of potential issues with WP security. Posts like these make it easy for us to identify loopholes and fix them up before our sites get hacked.

  5. Wordpress Developer

    February 15, 2011 at 3:56 am

    nice post and it is very helpful for me and i have resolved my many problems of regarding to wordpress security.

    thank you very much

  6. pond filters and pumps

    February 26, 2011 at 5:14 am

    Hi miguel, thanks for you tips. Surely I’ll implement your tips. Last year I have 1 blog attacked by hacker. He delete my posts and take over my blog. lastly I have to delete everything and install everything again. I really hate hacker. – zack

  7. Brand Developers

    February 27, 2011 at 5:19 pm

    Thank you for the help. It is always rather frightening to think that your blog could be compromised by a malicious hacker.

    Thanks,

    Katherine

  8. Air Zimbabwe

    March 5, 2011 at 3:55 am

    Nice job , really appreciate your work and thanks for this vital piece of information
    Keep up the good work !!!

  9. xclmedia

    March 6, 2011 at 3:38 pm

    Ok, thanks for the information! I’ll secure my blog.

  10. Kevin Rutter - Charity Auctioneer

    March 6, 2011 at 5:23 pm

    It seems Word Press is the most hacked blogs/website out there. I use Word Press and seem to always get hit by these lurkers.

  11. Ross

    March 7, 2011 at 12:15 am

    Its sad to think that someone will go out of their way to hack into and mess up a website! I see this post if a year old, can I presume this is still a good and value way to keep people out? I guess theres no reason why the code needs to updated…. Cheers Ross

  12. duka

    March 10, 2011 at 9:52 am

    Join to our newest gaming comunity and you can find or make tutorials for every game:
    thextop.org Soon maybe we will be the best gaming tutorial comunity!!!

  13. Fabrizio T.

    March 15, 2011 at 9:24 am

    Hello, very nice post with useful tricks.
    I’d have a question: do you think that could be useful to use .htaccess to block hotlinking of images? I noticed on my blog that there is a lot of traffic on some images (car models) and I suspect that someone is linking those images… do you think it is possible using .htaccess?

  14. HCG

    March 17, 2011 at 8:45 am

    I think you have done a great job stepping in and taking over where the other previous owner had left off. Good Job.

  15. Toulouse webdesigner

    March 18, 2011 at 7:54 am

    Very useful tut, security is essential for WordPress !

  16. jacob @ seo services

    March 25, 2011 at 3:40 am

    i really need this, good information about wordpress plug-ins.
    thanks to share this article.

    keep it up
    cheers!

  17. Kev

    March 27, 2011 at 3:24 am

    hi
    Great post ,thanks for sharing

  18. Arbetskläder

    March 27, 2011 at 11:21 am

    Many thanks for the .htaccess tips, I just implemented it. Thanks!

  19. top 10 credit cards

    March 28, 2011 at 7:39 am

    Security, protecting our personal information is very important. It’s so accessible nowadays, We never know how and by whom it can be used. Thanks for the code.

  20. Geodesic Dome GreenHouse

    March 30, 2011 at 2:01 pm

    For first time posting an article this is more then good! In fact I think this is great. Supplied me with some very useful information that I am going to use and that I never knew about until know! I’ve never had any of my WordPress blogs hacked before, thank god, but I have heard about many people who have had theirs hacked and now that Is something I don’t have to worry about anymore. I’m gonna apply this to all of my WordPress blogs from here on out!

    Thank you

    P.S. Will this work on other blogs or only on WordPress blogs?

  21. Katie

    April 2, 2011 at 6:55 am

    I have no idea what a ‘malicious URL request’ is either, however I have had a wordpress blog hacked before and it was a real hassle getting it back up and running again (luckily I had recent backups). So I am installing the plugin and hoping it can stop anything like that happening in future!

    I’m not confident about editing the .htaccess file, but I’ll use the plugin.

    K.

  22. Tigara electronica

    April 4, 2011 at 7:21 am

    Internet is not secure, if hackers managed to break into CIA and nasa accounts, be sure they can hack your blog, anyway you protect it!

  23. chat

    April 7, 2011 at 7:07 pm

    thxadmins..

  24. meter data

    April 10, 2011 at 2:55 am

    Problem is with the best hackers is they try to frame others

  25. Steve

    April 12, 2011 at 1:49 am

    Thanks for the tips above. I really had no idea that a wp blog can be hacked this way. I am going to secure my blogs.

    thanks 🙂
    Steve

  26. Rosana

    April 14, 2011 at 2:44 pm

    Thanks for sharing this post, but I’m not agree with you.

  27. Franz V. Hurtado

    April 19, 2011 at 9:45 am

    Nice article! You can get more information about successful poet by reading about Franz V. Hurtado. He is a great poet. He know new technology about poetry.

  28. Mark

    April 19, 2011 at 8:58 pm

    Great post and an excelent advices for every blogger in securities topics. Security is the key!

    Thanks a lot from argentina

  29. Sheila D. Miles

    April 21, 2011 at 7:58 am

    I was hacked twice, and had a hard time putting pieces back together, being a non-techie added on the grief. Very nice Info, I will definitely use the code you posted.

  30. Justin King

    April 27, 2011 at 7:57 am

    I think this is very helpful article which shows from top to bottom of hacking for wordpress blogs. Very informative and useful to beginners.

  31. Dan W

    April 30, 2011 at 9:38 pm

    I’m not sure I understand all of this but I will follow your instructions to get some protection. Thanks much.

  32. jim

    May 3, 2011 at 9:10 am

    Thank you for this! recently came under attack and it was not fun, had to get my host involved over simple wordpress security flaw..

  33. DrawBloodPoker

    May 5, 2011 at 12:35 am

    Guys like you are smart,how come WordPress does not listen to you?

  34. buat situs gratis

    May 6, 2011 at 5:10 pm

    I found this information usefull, especially for my blog. Thanks

  35. Ashley Morrison

    May 18, 2011 at 12:11 pm

    I’m having no end of problems with my wordpress blog I think it may have been something I’d done rather that a virus or hack. Will play with it and will let you know if I fix it

  36. akash rana

    May 20, 2011 at 6:27 pm

    nice work, you work a lot on your posts!

  37. akash rana

    May 20, 2011 at 6:31 pm

    nice work, you work a lot on your posts!. carry on

  38. akash rana

    May 20, 2011 at 6:36 pm

    nice work, you work a lot on your posts! i hope want to more good in future

  39. Mike Strong

    May 23, 2011 at 12:33 pm

    I see this post is old so not sure if this is ganna save. Quick question: was the first script a plugin? Should I follow that link and get a plugin there? And the 2nd, the .htaccess; is that an alternative – just choose one or the other?

    And if I use the .htaccess, does it matter where it is in that file ; does it need to be first?

    Thanks in advance.

  40. portland acupuncture

    May 23, 2011 at 3:56 pm

    Thanks. I never thought of using the .htaccess in that way. That’s extremely helpful!

  41. Gesund Abnehmen

    May 25, 2011 at 1:45 am

    Thanks for sharing. Nice job

  42. Evenimente

    May 26, 2011 at 1:25 am

    Great first post! Congrats!

  43. Kang Yahya

    May 27, 2011 at 7:26 am

    Nice tips and trick.
    I like this blog.

  44. Statecollege Computer Repair

    May 28, 2011 at 6:44 am

    Welcome to the site.And you are right about hacking.Mow a days hacking is becoming more and more common.

  45. frank

    May 31, 2011 at 9:35 am

    Thanks for the wordpress tips. I will use these for sure!

  46. Limo Steves

    June 7, 2011 at 2:32 am

    I was looking for such information for a long time and I am glad that I finally came here! Thanks for sharing the such information with us.

  47. WordPress

    June 10, 2011 at 7:57 am

    It seems that I’ve already installed that plugin. By the way thanks for the info. Looking for more related posts.

  48. Ganar Dinero

    June 10, 2011 at 1:36 pm

    I’ve ever commented here, but have been reading and following your posts for almost one year.

    Thanks for all the valuable information you spread through your posts and hope you continue to do the great job.

  49. Peter

    June 14, 2011 at 11:31 am

    Hi,
    Excellent blog, congratulations.
    Regards
    Peter

  50. Ralph T. Burlingame

    June 19, 2011 at 11:36 am

    I was hacked twice, and had a hard time putting pieces back together, being a non-techie added on the grief. Very nice Info, I will definitely use the code you posted.

You must be logged in to post a comment Login

Leave a Reply

Tips & Tricks

How to: Add a contact me via Skype™ button

Published

on

This little trick is really simple and easy. All you need to do is plug this line of code anywhere you would like to use the text.

<a onclick="return skypeCheck();" href="skype:austin.passy?call">Call me on Skype!</a>

That’s is, pretty simple huh? Just make sure you change skype:austin.passy to your user name!

Want a test? Well, please use the text button, as I was getting to many call’s and hangups: Call me on Skype! Message me on Skype!

Thanks to Shayne for this code!

Update:

I was reminded by Shayne that you will have to add this script into your header.php file:

<script type="text/javascript" src="http://download.skype.com/share/skypebuttons/js/skypeCheck.js">
</script>

That way if the user doesn’t have Skype, they will be prompted to download it if they would like :).

Continue Reading

Tips & Tricks

How to: show/hide a widget in WordPress with jQuery

In a previous post I talked about how to show/hide a single div html code with a search inside. Today I’d like to show you how I implemented jQuery into my new theme.

Published

on

As seen in the current theme, I am using jQuery to animate the show/hide or as known as the css style display: none;.

Since I am using a custom child theme on my site, and have Hybrid theme as my parent, the widgets or sidebar section is different than may be in your theme. But just apply the the style’s as follows to your theme.

First make sure that your WordPress site is calling jQuery, by plugging in this code into your header.php file above the <?php wp_head(); ?> text:

<?php wp_enqueue_script('jquery'); ?>

Then anywhere above the </head >, plug this code in:

<script type="text/javascript">
function toggleWidgets() {
	$('#primary h3.widget-title').addClass('plus');

	$('#primary h3.widget-title').click(function() {
		$(this).toggleClass('plus').toggleClass('minus').next().toggle(180);
	});

}
$(document).ready(function() {
	toggleWidgets();
}
</script>

That’s it. Pretty simple huh.

So lets go over what the code does.

$('#primary h3.widget-title').addClass('plus');

This line finds all <h3> tags with the class widget-title inside the ID parameter of #primary and adds a class of plus.

Then

$('#primary h3.widget-title').click(function() {
		$(this).toggleClass('plus').toggleClass('minus').next().toggle(180);
	});

Will apply a click function. When the H3 tag is clicked it will remove the class plus and add the class minus.

Then the code that says .next will then toggle the “next” element after the <h3> title.

Continue Reading

Tips & Tricks

How to: Create a fbshare.me shortcode

Social networks are everywhere. I am sure you’re on facebook. Well why not at a facebook share script to your site?

Published

on

Don’t know PHP that well?

Well here is a simple way to add a share script like fbshare.me to your site, via shortcodes.

Paste the following code in your functions.php file in order to create your shortcode:

function fbshare_script() {
     return '<div class="fbshare"><script src="http://widgets.fbshare.me/files/fbshare.js"></script></div>';
}
add_shortcode( 'fbshare', 'fbshare_script' );

Once done, you can display the facebook share button anywhere on your posts. In WordPress editor, make sure you are in HTML mode and insert the following: [fbshare].

When your post will be published, the shortcode will be replaced by the fbshare.me button.

Continue Reading

Trending