Tips & Tricks
WordPress Security Hacks
Hi guys this is my first post on wpcult the great site Austin built. Hope you guys find it usefull.
If you run a blog using the wordpress software then your blog is a target to hackers. Below I will list some hacks and just how they can help you keep your business/site safe.
The following is code to Block Bad Queries and protect your blog from malicious URL Requests.
Place the following code into a text file and name it what ever you like for example blockbadqueries.php upload it to your plugin folder and activate it in your wordpress admin just as you would any other Plugin
<?php
/*
Plugin Name: Block Bad Queries
Plugin URI: http://perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests/
Description: Protect WordPress Against Malicious URL Requests
Author URI: http://perishablepress.com/
Author: Perishable Press
Version: 1.0
*/
global $user_ID; if($user_ID) {
if(!current_user_can(‘level_10’)) {
if (strlen($_SERVER[‘REQUEST_URI’]) > 255 ||
strpos($_SERVER[‘REQUEST_URI’], “eval(“) ||
strpos($_SERVER[‘REQUEST_URI’], “CONCAT”) ||
strpos($_SERVER[‘REQUEST_URI’], “UNION+SELECT”) ||
strpos($_SERVER[‘REQUEST_URI’], “base64”)) {
@header(“HTTP/1.1 414 Request-URI Too Long”);
@header(“Status: 414 Request-URI Too Long”);
@header(“Connection: Close”);
@exit;
}
}
}
?>
This Great plugin was made by Jeff Starr of Digging into WordPress
Protecting your blog with .htaccess
.htaccess files have lots of possibilities. below is some code that will help protect your wordpress from modification of _REQUEST and/or GLOBALS and scripts injection.
This is real simple just paste the following code into your .htaccess file. Always make a backup of your .htaccess before editing, better to be safe.
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
Thanks to Oussama for this great hack
Here is a neat trick. Say you want to show a custom field in you post or in a certain categories post. There is a simple code you need to write in order to accomplish this:
<?php $image = get_post_meta($post->ID, "image", $single = true); ?>
<?php if($image != '') : if(in_category(7)) { echo ''; } else { ?>
<img src="<?php echo $image ?>" alt="<?php the_title(); ?>" /></a>
In the example above I am calling the variable $image and telling the server that it equals the value of “image” inside get_post_meta or “custom field” of the current post.
Then we are asking if that variable $image doesn’t equal nothing or != and if it is in the category id of 7, echo what ever is in the single quotes (which is nothing in this example), otherwise show the <img> and the value inside “image” which should be the location of the image.
Update: Thanks to Austin from PressedWords for pointing out his trick, from the comment below.
I talked about Disabling search engine on search pages in a previous post using the meta tag. Today lets go over the web bots Cached copy of your site. If you are working on builder your blog, or have a temporary site up, use the following code:
<meta name="robots" content="noarchive">
This will tell any bot to follow your site, index it, but prevents a cached copy of this page from being available in the search results.
A good idea when trying to get the most out of your blog is usging the meta tag to tell the web bots to search & index your site. But for good SEO you should apply this code in your header.php file of your WordPress blog.
<?php if(is_search()) { ?>
<meta name="robots" content="noindex, nofollow" />
<?php }?>
This will keep your site from getting a hit from bots over duplicate entries. 🙂
VideoGameDude.com
Winner: Free Revolution Theme
I was just sitting in the back listening to Shayne Sanderson from Insctinct, who talked about their e-commerce plugin and...
Wierd custom fields
I am not sure if this is from a pluigin error. But I suddenly have custom field names “atfemail_” and...
What is HTTP Protocol?
HTTP stands for Hypertext Transfer Protocol, and it’s the foundation of the web we know today. It’s a set of...
-
Pages5 months agoWrite For Us – Guest Post
-
Showcase5 months ago
StylizedWeb.com
-
News4 months ago
How to: Show/Hide any div box with jQuery in WordPress
-
Tips & Tricks4 months ago
Remove the title attribute using jQuery
-
Plugins4 weeks agoTop Membership plugins
-
Tips & Tricks1 month ago
How to: show/hide a widget in WordPress with jQuery
-
Guest Post4 weeks ago
The Top 10 Best Free Android Retro Games of all time
-
Tips & Tricks5 months ago
Limit the characters that display on the_title
Pink Magic
February 2, 2011 at 3:02 pm
Internet security in general is often overlooked, especially with WordPress. I’ve been the victim of two WordPress hacks through various security holes!
Henri Labelle
February 3, 2011 at 6:32 pm
Thanks for this tip, I’ll use it right now!!
Symptoms of Depression
February 7, 2011 at 8:43 pm
Yea, I know a number of people who have had their wp sites hacked. That is why I try to get everything set up properly from the very beginning to avoid any nasty surprises. I find that a couple of plugins work well, wp-security scan and wp malwatch. If you are running wp you should definitely install those.
Milwaukee SEO
February 10, 2011 at 10:02 pm
Great roundup of potential issues with WP security. Posts like these make it easy for us to identify loopholes and fix them up before our sites get hacked.
Wordpress Developer
February 15, 2011 at 3:56 am
nice post and it is very helpful for me and i have resolved my many problems of regarding to wordpress security.
thank you very much
pond filters and pumps
February 26, 2011 at 5:14 am
Hi miguel, thanks for you tips. Surely I’ll implement your tips. Last year I have 1 blog attacked by hacker. He delete my posts and take over my blog. lastly I have to delete everything and install everything again. I really hate hacker. – zack
Brand Developers
February 27, 2011 at 5:19 pm
Thank you for the help. It is always rather frightening to think that your blog could be compromised by a malicious hacker.
Thanks,
Katherine
Air Zimbabwe
March 5, 2011 at 3:55 am
Nice job , really appreciate your work and thanks for this vital piece of information
Keep up the good work !!!
xclmedia
March 6, 2011 at 3:38 pm
Ok, thanks for the information! I’ll secure my blog.
Kevin Rutter - Charity Auctioneer
March 6, 2011 at 5:23 pm
It seems Word Press is the most hacked blogs/website out there. I use Word Press and seem to always get hit by these lurkers.
Ross
March 7, 2011 at 12:15 am
Its sad to think that someone will go out of their way to hack into and mess up a website! I see this post if a year old, can I presume this is still a good and value way to keep people out? I guess theres no reason why the code needs to updated…. Cheers Ross
duka
March 10, 2011 at 9:52 am
Join to our newest gaming comunity and you can find or make tutorials for every game:
thextop.org Soon maybe we will be the best gaming tutorial comunity!!!
Fabrizio T.
March 15, 2011 at 9:24 am
Hello, very nice post with useful tricks.
I’d have a question: do you think that could be useful to use .htaccess to block hotlinking of images? I noticed on my blog that there is a lot of traffic on some images (car models) and I suspect that someone is linking those images… do you think it is possible using .htaccess?
HCG
March 17, 2011 at 8:45 am
I think you have done a great job stepping in and taking over where the other previous owner had left off. Good Job.
Toulouse webdesigner
March 18, 2011 at 7:54 am
Very useful tut, security is essential for WordPress !
jacob @ seo services
March 25, 2011 at 3:40 am
i really need this, good information about wordpress plug-ins.
thanks to share this article.
keep it up
cheers!
Kev
March 27, 2011 at 3:24 am
hi
Great post ,thanks for sharing
Arbetskläder
March 27, 2011 at 11:21 am
Many thanks for the .htaccess tips, I just implemented it. Thanks!
top 10 credit cards
March 28, 2011 at 7:39 am
Security, protecting our personal information is very important. It’s so accessible nowadays, We never know how and by whom it can be used. Thanks for the code.
Geodesic Dome GreenHouse
March 30, 2011 at 2:01 pm
For first time posting an article this is more then good! In fact I think this is great. Supplied me with some very useful information that I am going to use and that I never knew about until know! I’ve never had any of my WordPress blogs hacked before, thank god, but I have heard about many people who have had theirs hacked and now that Is something I don’t have to worry about anymore. I’m gonna apply this to all of my WordPress blogs from here on out!
Thank you
P.S. Will this work on other blogs or only on WordPress blogs?
Katie
April 2, 2011 at 6:55 am
I have no idea what a ‘malicious URL request’ is either, however I have had a wordpress blog hacked before and it was a real hassle getting it back up and running again (luckily I had recent backups). So I am installing the plugin and hoping it can stop anything like that happening in future!
I’m not confident about editing the .htaccess file, but I’ll use the plugin.
K.
Tigara electronica
April 4, 2011 at 7:21 am
Internet is not secure, if hackers managed to break into CIA and nasa accounts, be sure they can hack your blog, anyway you protect it!
chat
April 7, 2011 at 7:07 pm
thxadmins..
meter data
April 10, 2011 at 2:55 am
Problem is with the best hackers is they try to frame others
Steve
April 12, 2011 at 1:49 am
Thanks for the tips above. I really had no idea that a wp blog can be hacked this way. I am going to secure my blogs.
thanks 🙂
Steve
Rosana
April 14, 2011 at 2:44 pm
Thanks for sharing this post, but I’m not agree with you.
Franz V. Hurtado
April 19, 2011 at 9:45 am
Nice article! You can get more information about successful poet by reading about Franz V. Hurtado. He is a great poet. He know new technology about poetry.
Mark
April 19, 2011 at 8:58 pm
Great post and an excelent advices for every blogger in securities topics. Security is the key!
Thanks a lot from argentina
Sheila D. Miles
April 21, 2011 at 7:58 am
I was hacked twice, and had a hard time putting pieces back together, being a non-techie added on the grief. Very nice Info, I will definitely use the code you posted.
Justin King
April 27, 2011 at 7:57 am
I think this is very helpful article which shows from top to bottom of hacking for wordpress blogs. Very informative and useful to beginners.
Dan W
April 30, 2011 at 9:38 pm
I’m not sure I understand all of this but I will follow your instructions to get some protection. Thanks much.
jim
May 3, 2011 at 9:10 am
Thank you for this! recently came under attack and it was not fun, had to get my host involved over simple wordpress security flaw..
DrawBloodPoker
May 5, 2011 at 12:35 am
Guys like you are smart,how come WordPress does not listen to you?
buat situs gratis
May 6, 2011 at 5:10 pm
I found this information usefull, especially for my blog. Thanks
Ashley Morrison
May 18, 2011 at 12:11 pm
I’m having no end of problems with my wordpress blog I think it may have been something I’d done rather that a virus or hack. Will play with it and will let you know if I fix it
akash rana
May 20, 2011 at 6:27 pm
nice work, you work a lot on your posts!
akash rana
May 20, 2011 at 6:31 pm
nice work, you work a lot on your posts!. carry on
akash rana
May 20, 2011 at 6:36 pm
nice work, you work a lot on your posts! i hope want to more good in future
Mike Strong
May 23, 2011 at 12:33 pm
I see this post is old so not sure if this is ganna save. Quick question: was the first script a plugin? Should I follow that link and get a plugin there? And the 2nd, the .htaccess; is that an alternative – just choose one or the other?
And if I use the .htaccess, does it matter where it is in that file ; does it need to be first?
Thanks in advance.
portland acupuncture
May 23, 2011 at 3:56 pm
Thanks. I never thought of using the .htaccess in that way. That’s extremely helpful!
Gesund Abnehmen
May 25, 2011 at 1:45 am
Thanks for sharing. Nice job
Evenimente
May 26, 2011 at 1:25 am
Great first post! Congrats!
Kang Yahya
May 27, 2011 at 7:26 am
Nice tips and trick.
I like this blog.
Statecollege Computer Repair
May 28, 2011 at 6:44 am
Welcome to the site.And you are right about hacking.Mow a days hacking is becoming more and more common.
frank
May 31, 2011 at 9:35 am
Thanks for the wordpress tips. I will use these for sure!
Limo Steves
June 7, 2011 at 2:32 am
I was looking for such information for a long time and I am glad that I finally came here! Thanks for sharing the such information with us.
WordPress
June 10, 2011 at 7:57 am
It seems that I’ve already installed that plugin. By the way thanks for the info. Looking for more related posts.
Ganar Dinero
June 10, 2011 at 1:36 pm
I’ve ever commented here, but have been reading and following your posts for almost one year.
Thanks for all the valuable information you spread through your posts and hope you continue to do the great job.
Peter
June 14, 2011 at 11:31 am
Hi,
Excellent blog, congratulations.
Regards
Peter
Ralph T. Burlingame
June 19, 2011 at 11:36 am
I was hacked twice, and had a hard time putting pieces back together, being a non-techie added on the grief. Very nice Info, I will definitely use the code you posted.