Because of its popularity, WordPress is often the target of hackers. Today,
let's see how we can build a plugin that checks for malicious URL
requests (long request strings, the presence of the "eval" or "base64"
PHP functions, etc.) and use it to protect our blog.
Paste the following code into a text file, and save it as blockbadqueries.php
<?php
/*
Plugin Name: Block Bad Queries
Plugin URI: http://h20bikash.blogspot.com/
Description: Protect WordPress Against Malicious URL Requests
Author URI: http://h20bikash.blogspot.com
Author: Jibon Bikash Roy
Version: 1.0
*/

global $user_ID;

// The check runs only when $user_ID is set (a logged-in user);
// requests from visitors who are not logged in are not inspected.
if ($user_ID) {
    // Skip administrators ('level_10' is the legacy user level for that role).
    if (!current_user_can('level_10')) {
        $uri = $_SERVER['REQUEST_URI'];
        // Reject over-long URIs and URIs containing known-bad substrings.
        if (strlen($uri) > 255
            || strpos($uri, "eval(") !== false
            || strpos($uri, "CONCAT") !== false
            || strpos($uri, "UNION+SELECT") !== false
            || strpos($uri, "base64") !== false) {
            @header("HTTP/1.1 414 Request-URI Too Long");
            @header("Status: 414 Request-URI Too Long");
            @header("Connection: Close");
            exit;
        }
    }
}
?>
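The same checks as a stand-alone function, as an added example that is not part of the original plugin: it URL-decodes and lower-cases the request URI before matching, so the patterns are matched regardless of letter case or percent-encoding. The names bbq_check_uri, BBQ_PATTERNS and BBQ_MAX_URI_LENGTH and the sample URIs are assumptions made for illustration; wiring the function into WordPress is not shown.

```php
<?php
// Added example, not the plugin's own code. All names here are hypothetical.

// Substrings from the post's plugin, lower-cased for case-insensitive matching.
// "UNION+SELECT" becomes "union select" because "+" decodes to a space.
const BBQ_PATTERNS = ['eval(', 'concat', 'union select', 'base64'];

// Same length limit as the post's plugin.
const BBQ_MAX_URI_LENGTH = 255;

/**
 * Return the reason a request URI is rejected, or null if it passes.
 */
function bbq_check_uri(string $uri): ?string
{
    if (strlen($uri) > BBQ_MAX_URI_LENGTH) {
        return 'too-long';
    }

    // Normalise before matching: decode percent-encoding and "+", then lower-case.
    $normalised = strtolower(urldecode($uri));

    foreach (BBQ_PATTERNS as $pattern) {
        if (strpos($normalised, $pattern) !== false) {
            return 'pattern: ' . $pattern;
        }
    }
    return null;
}

// Constructed sample request URIs (not taken from real traffic).
$samples = [
    '/?p=42',
    '/index.php?id=1+UNION+SELECT+1',
    '/index.php?id=1%20union%20select%201',
    '/?x=EVAL%28foo%29',
    '/2012/05/decoding-base64-strings/',
    '/?s=' . str_repeat('a', 300),
];

foreach ($samples as $uri) {
    $reason = bbq_check_uri($uri);
    printf("%-40s %s\n", substr($uri, 0, 40), $reason ?? 'allowed');
}
```

The fifth sample is an ordinary post permalink that is rejected only because its slug contains "base64". A substring filter like this is a coarse first line of defence and does not replace fixing injectable code in themes and plugins.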