Tips & Tricks
WordPress Security Hacks
Hi guys this is my first post on wpcult the great site Austin built. Hope you guys find it usefull.
If you run a blog using the wordpress software then your blog is a target to hackers. Below I will list some hacks and just how they can help you keep your business/site safe.
The following is code to Block Bad Queries and protect your blog from malicious URL Requests.
Place the following code into a text file and name it what ever you like for example blockbadqueries.php upload it to your plugin folder and activate it in your wordpress admin just as you would any other Plugin
<?php
/*
Plugin Name: Block Bad Queries
Plugin URI: http://perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests/
Description: Protect WordPress Against Malicious URL Requests
Author URI: http://perishablepress.com/
Author: Perishable Press
Version: 1.0
*/
global $user_ID; if($user_ID) {
if(!current_user_can(‘level_10’)) {
if (strlen($_SERVER[‘REQUEST_URI’]) > 255 ||
strpos($_SERVER[‘REQUEST_URI’], “eval(“) ||
strpos($_SERVER[‘REQUEST_URI’], “CONCAT”) ||
strpos($_SERVER[‘REQUEST_URI’], “UNION+SELECT”) ||
strpos($_SERVER[‘REQUEST_URI’], “base64”)) {
@header(“HTTP/1.1 414 Request-URI Too Long”);
@header(“Status: 414 Request-URI Too Long”);
@header(“Connection: Close”);
@exit;
}
}
}
?>
This Great plugin was made by Jeff Starr of Digging into WordPress
Protecting your blog with .htaccess
.htaccess files have lots of possibilities. below is some code that will help protect your wordpress from modification of _REQUEST and/or GLOBALS and scripts injection.
This is real simple just paste the following code into your .htaccess file. Always make a backup of your .htaccess before editing, better to be safe.
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
Thanks to Oussama for this great hack
This little trick is really simple and easy. All you need to do is plug this line of code anywhere you would like to use the text.
<a onclick="return skypeCheck();" href="skype:austin.passy?call">Call me on Skype!</a>
That’s is, pretty simple huh? Just make sure you change skype:austin.passy to your user name!
Want a test? Well, please use the text button, as I was getting to many call’s and hangups: Call me on Skype! Message me on Skype!
Thanks to Shayne for this code!
Update:
I was reminded by Shayne that you will have to add this script into your header.php file:
<script type="text/javascript" src="http://download.skype.com/share/skypebuttons/js/skypeCheck.js"> </script>
That way if the user doesn’t have Skype, they will be prompted to download it if they would like :).
Tips & Tricks
How to: show/hide a widget in WordPress with jQuery
In a previous post I talked about how to show/hide a single div html code with a search inside. Today I’d like to show you how I implemented jQuery into my new theme.
As seen in the current theme, I am using jQuery to animate the show/hide or as known as the css style display: none;.
Since I am using a custom child theme on my site, and have Hybrid theme as my parent, the widgets or sidebar section is different than may be in your theme. But just apply the the style’s as follows to your theme.
First make sure that your WordPress site is calling jQuery, by plugging in this code into your header.php file above the <?php wp_head(); ?> text:
<?php wp_enqueue_script('jquery'); ?>
Then anywhere above the </head >, plug this code in:
<script type="text/javascript">
function toggleWidgets() {
$('#primary h3.widget-title').addClass('plus');
$('#primary h3.widget-title').click(function() {
$(this).toggleClass('plus').toggleClass('minus').next().toggle(180);
});
}
$(document).ready(function() {
toggleWidgets();
}
</script>
That’s it. Pretty simple huh.
So lets go over what the code does.
$('#primary h3.widget-title').addClass('plus');
This line finds all <h3> tags with the class widget-title inside the ID parameter of #primary and adds a class of plus.
Then
$('#primary h3.widget-title').click(function() {
$(this).toggleClass('plus').toggleClass('minus').next().toggle(180);
});
Will apply a click function. When the H3 tag is clicked it will remove the class plus and add the class minus.
Then the code that says .next will then toggle the “next” element after the <h3> title.
Tips & Tricks
How to: Create a fbshare.me shortcode
Social networks are everywhere. I am sure you’re on facebook. Well why not at a facebook share script to your site?
Don’t know PHP that well?
Well here is a simple way to add a share script like fbshare.me to your site, via shortcodes.
Paste the following code in your functions.php file in order to create your shortcode:
function fbshare_script() {
return '<div class="fbshare"><script src="http://widgets.fbshare.me/files/fbshare.js"></script></div>';
}
add_shortcode( 'fbshare', 'fbshare_script' );
Once done, you can display the facebook share button anywhere on your posts. In WordPress editor, make sure you are in HTML mode and insert the following: [fbshare].
When your post will be published, the shortcode will be replaced by the fbshare.me button.
-
Pages4 months agoWrite For Us – Guest Post
-
Showcase4 months ago
StylizedWeb.com
-
News4 months ago
How to: Show/Hide any div box with jQuery in WordPress
-
Tips & Tricks3 months ago
Remove the title attribute using jQuery
-
Tips & Tricks2 weeks ago
How to: show/hide a widget in WordPress with jQuery
-
Plugins1 week agoTop Membership plugins
-
Tips & Tricks4 months ago
Limit the characters that display on the_title
-
Guest Post1 week ago
The Top 10 Best Free Android Retro Games of all time
Pink Magic
February 2, 2011 at 3:02 pm
Internet security in general is often overlooked, especially with WordPress. I’ve been the victim of two WordPress hacks through various security holes!
Henri Labelle
February 3, 2011 at 6:32 pm
Thanks for this tip, I’ll use it right now!!
Symptoms of Depression
February 7, 2011 at 8:43 pm
Yea, I know a number of people who have had their wp sites hacked. That is why I try to get everything set up properly from the very beginning to avoid any nasty surprises. I find that a couple of plugins work well, wp-security scan and wp malwatch. If you are running wp you should definitely install those.
Milwaukee SEO
February 10, 2011 at 10:02 pm
Great roundup of potential issues with WP security. Posts like these make it easy for us to identify loopholes and fix them up before our sites get hacked.
Wordpress Developer
February 15, 2011 at 3:56 am
nice post and it is very helpful for me and i have resolved my many problems of regarding to wordpress security.
thank you very much
pond filters and pumps
February 26, 2011 at 5:14 am
Hi miguel, thanks for you tips. Surely I’ll implement your tips. Last year I have 1 blog attacked by hacker. He delete my posts and take over my blog. lastly I have to delete everything and install everything again. I really hate hacker. – zack
Brand Developers
February 27, 2011 at 5:19 pm
Thank you for the help. It is always rather frightening to think that your blog could be compromised by a malicious hacker.
Thanks,
Katherine
Air Zimbabwe
March 5, 2011 at 3:55 am
Nice job , really appreciate your work and thanks for this vital piece of information
Keep up the good work !!!
xclmedia
March 6, 2011 at 3:38 pm
Ok, thanks for the information! I’ll secure my blog.
Kevin Rutter - Charity Auctioneer
March 6, 2011 at 5:23 pm
It seems Word Press is the most hacked blogs/website out there. I use Word Press and seem to always get hit by these lurkers.
Ross
March 7, 2011 at 12:15 am
Its sad to think that someone will go out of their way to hack into and mess up a website! I see this post if a year old, can I presume this is still a good and value way to keep people out? I guess theres no reason why the code needs to updated…. Cheers Ross
duka
March 10, 2011 at 9:52 am
Join to our newest gaming comunity and you can find or make tutorials for every game:
thextop.org Soon maybe we will be the best gaming tutorial comunity!!!
Fabrizio T.
March 15, 2011 at 9:24 am
Hello, very nice post with useful tricks.
I’d have a question: do you think that could be useful to use .htaccess to block hotlinking of images? I noticed on my blog that there is a lot of traffic on some images (car models) and I suspect that someone is linking those images… do you think it is possible using .htaccess?
HCG
March 17, 2011 at 8:45 am
I think you have done a great job stepping in and taking over where the other previous owner had left off. Good Job.
Toulouse webdesigner
March 18, 2011 at 7:54 am
Very useful tut, security is essential for WordPress !
jacob @ seo services
March 25, 2011 at 3:40 am
i really need this, good information about wordpress plug-ins.
thanks to share this article.
keep it up
cheers!
Kev
March 27, 2011 at 3:24 am
hi
Great post ,thanks for sharing
Arbetskläder
March 27, 2011 at 11:21 am
Many thanks for the .htaccess tips, I just implemented it. Thanks!
top 10 credit cards
March 28, 2011 at 7:39 am
Security, protecting our personal information is very important. It’s so accessible nowadays, We never know how and by whom it can be used. Thanks for the code.
Geodesic Dome GreenHouse
March 30, 2011 at 2:01 pm
For first time posting an article this is more then good! In fact I think this is great. Supplied me with some very useful information that I am going to use and that I never knew about until know! I’ve never had any of my WordPress blogs hacked before, thank god, but I have heard about many people who have had theirs hacked and now that Is something I don’t have to worry about anymore. I’m gonna apply this to all of my WordPress blogs from here on out!
Thank you
P.S. Will this work on other blogs or only on WordPress blogs?
Katie
April 2, 2011 at 6:55 am
I have no idea what a ‘malicious URL request’ is either, however I have had a wordpress blog hacked before and it was a real hassle getting it back up and running again (luckily I had recent backups). So I am installing the plugin and hoping it can stop anything like that happening in future!
I’m not confident about editing the .htaccess file, but I’ll use the plugin.
K.
Tigara electronica
April 4, 2011 at 7:21 am
Internet is not secure, if hackers managed to break into CIA and nasa accounts, be sure they can hack your blog, anyway you protect it!
chat
April 7, 2011 at 7:07 pm
thxadmins..
meter data
April 10, 2011 at 2:55 am
Problem is with the best hackers is they try to frame others
Steve
April 12, 2011 at 1:49 am
Thanks for the tips above. I really had no idea that a wp blog can be hacked this way. I am going to secure my blogs.
thanks 🙂
Steve
Rosana
April 14, 2011 at 2:44 pm
Thanks for sharing this post, but I’m not agree with you.
Franz V. Hurtado
April 19, 2011 at 9:45 am
Nice article! You can get more information about successful poet by reading about Franz V. Hurtado. He is a great poet. He know new technology about poetry.
Mark
April 19, 2011 at 8:58 pm
Great post and an excelent advices for every blogger in securities topics. Security is the key!
Thanks a lot from argentina
Sheila D. Miles
April 21, 2011 at 7:58 am
I was hacked twice, and had a hard time putting pieces back together, being a non-techie added on the grief. Very nice Info, I will definitely use the code you posted.
Justin King
April 27, 2011 at 7:57 am
I think this is very helpful article which shows from top to bottom of hacking for wordpress blogs. Very informative and useful to beginners.
Dan W
April 30, 2011 at 9:38 pm
I’m not sure I understand all of this but I will follow your instructions to get some protection. Thanks much.
jim
May 3, 2011 at 9:10 am
Thank you for this! recently came under attack and it was not fun, had to get my host involved over simple wordpress security flaw..
DrawBloodPoker
May 5, 2011 at 12:35 am
Guys like you are smart,how come WordPress does not listen to you?
buat situs gratis
May 6, 2011 at 5:10 pm
I found this information usefull, especially for my blog. Thanks
Ashley Morrison
May 18, 2011 at 12:11 pm
I’m having no end of problems with my wordpress blog I think it may have been something I’d done rather that a virus or hack. Will play with it and will let you know if I fix it
akash rana
May 20, 2011 at 6:27 pm
nice work, you work a lot on your posts!
akash rana
May 20, 2011 at 6:31 pm
nice work, you work a lot on your posts!. carry on
akash rana
May 20, 2011 at 6:36 pm
nice work, you work a lot on your posts! i hope want to more good in future
Mike Strong
May 23, 2011 at 12:33 pm
I see this post is old so not sure if this is ganna save. Quick question: was the first script a plugin? Should I follow that link and get a plugin there? And the 2nd, the .htaccess; is that an alternative – just choose one or the other?
And if I use the .htaccess, does it matter where it is in that file ; does it need to be first?
Thanks in advance.
portland acupuncture
May 23, 2011 at 3:56 pm
Thanks. I never thought of using the .htaccess in that way. That’s extremely helpful!
Gesund Abnehmen
May 25, 2011 at 1:45 am
Thanks for sharing. Nice job
Evenimente
May 26, 2011 at 1:25 am
Great first post! Congrats!
Kang Yahya
May 27, 2011 at 7:26 am
Nice tips and trick.
I like this blog.
Statecollege Computer Repair
May 28, 2011 at 6:44 am
Welcome to the site.And you are right about hacking.Mow a days hacking is becoming more and more common.
frank
May 31, 2011 at 9:35 am
Thanks for the wordpress tips. I will use these for sure!
Limo Steves
June 7, 2011 at 2:32 am
I was looking for such information for a long time and I am glad that I finally came here! Thanks for sharing the such information with us.
WordPress
June 10, 2011 at 7:57 am
It seems that I’ve already installed that plugin. By the way thanks for the info. Looking for more related posts.
Ganar Dinero
June 10, 2011 at 1:36 pm
I’ve ever commented here, but have been reading and following your posts for almost one year.
Thanks for all the valuable information you spread through your posts and hope you continue to do the great job.
Peter
June 14, 2011 at 11:31 am
Hi,
Excellent blog, congratulations.
Regards
Peter
Ralph T. Burlingame
June 19, 2011 at 11:36 am
I was hacked twice, and had a hard time putting pieces back together, being a non-techie added on the grief. Very nice Info, I will definitely use the code you posted.