Protect WordPress Against Malicious URL Requests

Last updated Oct 30, 2017

In early September, many WordPress sites were infected with Malicious codes. We wrote a quick fix for that issue which you can see in this post, but recently Jeff Starr from Perishable Press has come with a solution to protect WordPress from future attacks as well.

Simply open a new php file and paste the following codes:

<?php
/*
Plugin Name: Block Bad Queries
Plugin URI: http://perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests/
Description: Protect WordPress Against Malicious URL Requests
Author URI: http://perishablepress.com/
Author: Perishable Press
Version: 1.0
*/
global $user_ID; if($user_ID) {
if(!current_user_can(‘level_10’)) {
if (strlen($_SERVER[‘REQUEST_URI’]) > 255 ||
strpos($_SERVER[‘REQUEST_URI’], “eval(“) ||
strpos($_SERVER[‘REQUEST_URI’], “CONCAT”) ||
strpos($_SERVER[‘REQUEST_URI’], “UNION SELECT”) ||
strpos($_SERVER[‘REQUEST_URI’], “base64”)) {
@header(“HTTP/1.1 414 Request-URI Too Long”);
@header(“Status: 414 Request-URI Too Long”);
@header(“Connection: Close”);
@exit;
}
}
} ?>

Codes updated on Jan. 10, 2010.

Save this file and upload it in your plugin directory /wp-content/plugins/ and your work is done. This script will check for long strings as well as base64 code which was in the last attack and the eval( code which could be a threat in the future.

Once active, this plugin will silently and effectively close any connections for these sorts of injection-type attacks.

WordPress WordPress Plugin