Blocking long URLs and wordpress hack protection
Pests often use SQL injections to hack WordPress sites.. To complicate their work, you can use the plugin code that I just found ). Looking at the plugin code it is not difficult to understand what it should do..
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
<?php /* Plugin Name: Block Bad Queries Plugin URI: https://perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests/ Description: Protect WordPress Against Malicious URL Requests Author URI: https://perishablepress.com/ Author: Perishable Press Version: 1.0 */ global $user_ID; if($user_ID) { if(!current_user_can('level_10')) { if (strlen($_SERVER['REQUEST_URI']) > 255 || stripos($_SERVER['REQUEST_URI'], "eval(") || stripos($_SERVER['REQUEST_URI'], "CONCAT") || stripos($_SERVER['REQUEST_URI'], "UNION+SELECT") || stripos($_SERVER['REQUEST_URI'], "base64")) { @header("HTTP/1.1 414 Request-URI Too Long"); @header("Status: 414 Request-URI Too Long"); @header("Connection: Close"); @exit; } } } ?> |
For the plugin to work, you need to create a file with any name in English. When testing, I created seqwp.php in the plugins folder. And paste the above code there. After that, activate the plugin in the admin panel and try to enter long addresses.
To be honest, the hosting already has protection against long addresses on my server and the hosting itself did not give me the opportunity to fully test the plugin ).
/*
- Basic web design course;
- Site layout;
- General course on CMS WordPress and continuation of the course on template development;
- Website development in PHP.