Due to its popularity, WordPress is often the target of hackers. Today,
let's see how we can build a plugin that checks for malicious URL
requests (long request strings, the presence of the PHP function names
“eval” or “base64”, etc.) and use it to protect our blog.
Paste the following code into a text file, and save it as blockbadqueries.php
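<?php
/*
Plugin Name: Block Bad Queries
Plugin URI: http://h20bikash.blogspot.com/
Description: Protect WordPress Against Malicious URL Requests
Author URI: http://h20bikash.blogspot.com
Author: Jibon Bikash Roy
Version: 1.0
*/

global $user_ID;

// The check runs only for a logged-in user ($user_ID is set) who does not
// have the level_10 (administrator) capability.
if ($user_ID) {
    if (!current_user_can('level_10')) {
        $request_uri = $_SERVER['REQUEST_URI'];

        // Reject URIs longer than 255 bytes or containing one of the marker
        // strings. strpos() is case-sensitive and sees the raw, still
        // URL-encoded URI; compare against false so that a match at
        // offset 0 also counts.
        if (strlen($request_uri) > 255
            || strpos($request_uri, "eval(") !== false
            || strpos($request_uri, "CONCAT") !== false
            || strpos($request_uri, "UNION+SELECT") !== false
            || strpos($request_uri, "base64") !== false
        ) {
            // Answer with 414 and stop before WordPress handles the request.
            @header("HTTP/1.1 414 Request-URI Too Long");
            @header("Status: 414 Request-URI Too Long");
            @header("Connection: Close");
            exit;
        }
    }
}
?>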
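The plugin's substring checks are case-sensitive and look at the raw, still percent-encoded request URI. The following added example (not part of the original plugin) applies the same length limit and marker strings after decoding and lowercasing the URI; the helper name `bbq_is_suspicious()` and the sample URIs are constructed for illustration.

```php
<?php
// Added example, not the plugin's own code. bbq_is_suspicious() is a
// hypothetical helper; the 255-byte limit and the marker strings are the
// ones used by the plugin above.

function bbq_is_suspicious(string $request_uri): bool
{
    // Length check on the raw value, exactly as in the plugin.
    if (strlen($request_uri) > 255) {
        return true;
    }

    // urldecode() resolves %XX sequences and turns "+" into a space;
    // strtolower() removes case differences. After this step
    // "UNION+SELECT", "union%20select" and "Union Select" compare equal.
    $normalized = strtolower(urldecode($request_uri));

    // Lowercase forms of the plugin's marker strings. Case-insensitive
    // matching also raises the false-positive rate (for example a post
    // slug containing "concat"), so tune the list for your site.
    $markers = ['eval(', 'concat', 'union select', 'base64'];

    foreach ($markers as $marker) {
        if (strpos($normalized, $marker) !== false) {
            return true;
        }
    }
    return false;
}

// Constructed sample request URIs for a quick offline check.
$samples = [
    '/?p=42',
    '/index.php?id=1+UNION+SELECT+1,2',
    '/index.php?id=1%20union%20select%201,2',
    '/?cmd=EVAL%28x%29',
    '/?s=' . str_repeat('a', 300),
];

foreach ($samples as $uri) {
    $verdict = bbq_is_suspicious($uri) ? 'BLOCK' : 'allow';
    printf("%-6s %s\n", $verdict, substr($uri, 0, 60));
}
```

Run it from the command line with `php` to see the verdict for each sample; only the first URI is allowed.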