DISCLAIMER: this post is older than one year and may not be up to date with latest WordPress version.

The .htaccess file offers lots of possibilities. Today, let’s see how we can protect our WordPress blog from script injection, and from unwanted modification of _REQUEST and/or GLOBALS.

Simply paste the following lines into your .htaccess file. This file is located at the root of your WordPress install.
Remember to always make a backup of your .htaccess file before editing it, so you’ll be able to restore it if something goes wrong.

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

Thanks to Oussama for those simple, but efficient lines of code!
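
To see what these three conditions actually catch before deploying them, here is an added example (not part of the original post) that replays the same patterns in Python against a few constructed query strings. The names `CONDITIONS`, `blocked_by` and `SAMPLES` are assumptions made for this sketch.

```python
import re

# The three RewriteCond patterns from the rules above, in the same order.
# Only the first one carries [NC], so only it is compiled case-insensitively.
CONDITIONS = [
    ("script tag", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]


def blocked_by(query_string):
    """Return the name of the first condition that matches, or None.

    Apache tests %{QUERY_STRING} as it was sent, without URL-decoding it,
    and the patterns are unanchored, so re.search on the raw string is
    the equivalent check. A match means the RewriteRule answers 403 ([F]).
    """
    for name, pattern in CONDITIONS:
        if pattern.search(query_string):
            return name
    return None


# Constructed sample query strings (everything after the "?" in a URL).
SAMPLES = [
    "p=123",                          # ordinary permalink lookup: allowed
    "s=%3CScRiPt%3Ex%3C/script%3E",   # encoded script tag, mixed case: blocked
    "GLOBALS[foo]=1",                 # attempt to set $GLOBALS: blocked
    "_REQUEST%5Bfoo%5D=1",            # encoded "[" after _REQUEST: blocked
    "s=%3Cb%3Emanuscripts%3C/b%3E",   # harmless search, still blocked
    "globals[foo]=1",                 # lowercase is not $GLOBALS in PHP: allowed
]

if __name__ == "__main__":
    for qs in SAMPLES:
        verdict = blocked_by(qs)
        print(f"{qs!r:40} -> {'403 (' + verdict + ')' if verdict else 'allowed'}")
```

The fifth sample shows the cost of the broad `.*script.*` pattern: any query string that contains a tag plus a word such as "manuscripts" is refused too. All three conditions read only the query string, so data sent in a POST body or a cookie is not inspected by these rules.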

One Comment

  1. I have an existing htaccess file. I assume the first two lines can be omitted. Is this correct?

    Also, just how common and/or dangerous are these hacks? Are these “unwanted modification of _REQUEST and/or GLOBALS” hacks something specialized that affect existing content, or only when content is being modified?
