
The .htaccess file has lots of possibilities. Today, let’s see how we can protect our WordPress blog from script injection and unwanted modification of _REQUEST and/or GLOBALS.

Simply paste the following lines into your .htaccess file. This file is located at the root of your WordPress install.
Remember to always make a backup of your .htaccess file before editing it, so you'll be able to restore it if something goes wrong.
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
Thanks to Oussama for those simple, but efficient lines of code!
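To see which requests these conditions would reject before deploying them, the following added example (not part of the original post) replays the three RewriteCond patterns in Python against constructed query strings. It assumes Python's `re` module behaves like Apache's PCRE for these patterns, which holds for the syntax used here; the function names and samples are illustrative.

```python
import re

# The three RewriteCond patterns from the .htaccess block above.
# [NC] is set only on the first condition; the other two are case-sensitive.
CONDITIONS = [
    ("script-tag", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]


def matched_conditions(query_string):
    """Return the names of the conditions matching the raw query string.

    mod_rewrite tests %{QUERY_STRING} as sent (not URL-decoded) and the
    patterns are unanchored, so re.search on the raw string is equivalent.
    """
    return [name for name, rx in CONDITIONS if rx.search(query_string)]


def is_forbidden(query_string):
    """The conditions are OR-ed: any single match triggers the [F] (403) rule."""
    return bool(matched_conditions(query_string))


# Constructed sample query strings (not taken from real traffic).
SAMPLES = [
    "p=123",                          # ordinary permalink query
    "s=%3Cscript%3E",                 # encoded script tag
    "s=<SCRIPT>",                     # literal tag, upper case (caught via NC)
    "GLOBALS[foo]=1",                 # attempt to set a GLOBALS entry
    "_REQUEST%5Bfoo%5D=1",            # same idea with an encoded bracket
    "globals=1",                      # lower case: PHP variable names are
                                      # case-sensitive, so this is harmless
    "s=%3Cb%3Edescription%3C/b%3E",   # false positive: "description"
                                      # contains the substring "script"
]

if __name__ == "__main__":
    for qs in SAMPLES:
        hits = matched_conditions(qs)
        verdict = "403 Forbidden" if hits else "allowed"
        print(f"{qs!r:40} {verdict:15} {', '.join(hits)}")
```

The last sample shows that legitimate searches containing markup and a word such as "description" will also receive a 403. The conditions inspect only the query string, so they complement input handling in WordPress and its plugins rather than replace it.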
One Response
I have an existing htaccess file. I assume the first two lines can be omitted. Is this correct?
Also, just how common and/or dangerous are these hacks? Are these “unwanted modification of _REQUEST and/or GLOBALS” hacks something specialized that affect existing content, or only when content is being modified?