updated   : April 22, 2013

Protect wordpress against malicious URL requests

wordpress snippet

Fantastic snippet from Perishable Press. It rejects any request whose URI is longer than 255 characters or contains a substring that is common in injection attempts (eval(, CONCAT, UNION+SELECT, base64), answering with a 414 and closing the connection. Two limits to keep in mind: the match is run only against $_SERVER['REQUEST_URI'], the raw, still URL-encoded path and query string, so POST bodies are not inspected and UNION+SELECT matches only that exact spelling; and because everything sits inside the if($user_ID) check, the filter only runs for logged-in users who are not administrators. I have attached a zip file with a download of this snippet as a plugin. Just FTP the single PHP file to your plugins folder and activate it as normal.

( download )

snippet : PHP
global $user_ID;
// Everything below sits inside this check, so the filter only runs for
// logged-in users; anonymous requests are never inspected.
if ($user_ID) {
	// Administrators are exempt (role name used as a capability check).
	if (!current_user_can('administrator')) {
		// Only the raw request URI (path + query string) is inspected; POST bodies are not.
		// stripos() returns 0 for a match at offset 0, so compare against false explicitly.
		$uri = $_SERVER['REQUEST_URI'];
		if (strlen($uri) > 255 ||
			stripos($uri, "eval(") !== false ||
			stripos($uri, "CONCAT") !== false ||
			stripos($uri, "UNION+SELECT") !== false ||
			stripos($uri, "base64") !== false) {
				// Reject with 414 and close the connection.
				@header("HTTP/1.1 414 Request-URI Too Long");
				@header("Status: 414 Request-URI Too Long");
				@header("Connection: Close");
				@exit;
		}
	}
}
source →
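Added example, not code from this page, from wpsnipp.com or from Perishable Press: a variant of the same idea that covers the two gaps the comments below raise. It hooks into WordPress so the check also runs for anonymous visitors, it URL-decodes the URI before matching (so UNION%20SELECT is caught as well as UNION+SELECT), and it inspects the POST body, not just the URI. The plugin name, the rpf_ function names, the fragment list, the status codes and the choice of the init hook are all assumptions made for illustration; the sample requests at the bottom are constructed. The matching logic is kept in a pure function so the file can be run directly with the PHP CLI, outside WordPress, to see what would be blocked.

```php
<?php
/*
Plugin Name: Request Pattern Filter (added example)
Description: Illustrative request filter; not the wpsnipp.com or Perishable Press snippet.
             Rejects requests whose URI or POST body contains common injection fragments.
*/

// Substrings treated as suspicious. An assumed list for illustration; tune it for your site.
const RPF_BAD_FRAGMENTS = array('eval(', 'concat(', 'union select', 'base64_decode', '<script');
const RPF_MAX_URI_LENGTH = 255;

/**
 * Normalise one value for matching: URL-decode repeatedly (attackers double-encode),
 * collapse '+' and any whitespace run to a single space, and lower-case it.
 */
function rpf_normalise($value) {
    $value = (string) $value;
    // Decode at most three times so nested encodings cannot hide a pattern,
    // and stop as soon as decoding no longer changes the string.
    for ($i = 0; $i < 3; $i++) {
        $decoded = urldecode($value);   // urldecode() also turns '+' into a space
        if ($decoded === $value) {
            break;
        }
        $value = $decoded;
    }
    $value = preg_replace('/\s+/', ' ', $value);
    return strtolower($value);
}

/**
 * Decide whether a request is suspicious. Pure function so it can be exercised
 * outside WordPress: $uri is REQUEST_URI, $post is the $_POST array (or empty).
 * Returns the matched fragment, 'uri-too-long', or null when the request is clean.
 */
function rpf_find_bad_fragment($uri, array $post = array()) {
    if (strlen($uri) > RPF_MAX_URI_LENGTH) {
        return 'uri-too-long';
    }
    $candidates = array($uri);
    // Flatten nested POST arrays (e.g. fields[0][name]) into scalar strings.
    array_walk_recursive($post, function ($v) use (&$candidates) { $candidates[] = $v; });

    foreach ($candidates as $candidate) {
        $normalised = rpf_normalise($candidate);
        foreach (RPF_BAD_FRAGMENTS as $fragment) {
            if (strpos($normalised, $fragment) !== false) {
                return $fragment;
            }
        }
    }
    return null;
}

/**
 * Hook callback: inspect the current request once WordPress knows who the user is.
 * Administrators are exempt so a legitimate post containing 'eval(' in a code sample
 * can still be saved; everyone else, logged in or not, is checked.
 */
function rpf_check_request() {
    if (current_user_can('administrator')) {
        return;
    }
    $hit = rpf_find_bad_fragment($_SERVER['REQUEST_URI'], $_POST);
    if ($hit === null) {
        return;
    }
    // Assumed status choice: 414 for the length rule, 403 for a pattern match.
    status_header($hit === 'uri-too-long' ? 414 : 403);
    header('Connection: close');
    exit;
}

if (function_exists('add_action')) {
    // Inside WordPress: run at init, after the current user has been determined.
    add_action('init', 'rpf_check_request');
} else {
    // Outside WordPress (php this-file.php): run the pure check on constructed requests.
    $samples = array(
        array('/index.php?name=eval(base64_decode(ZXZpbA))', array()),
        array('/?id=1%20UNION%2520SELECT%20user,pass', array()),   // double-encoded space
        array('/wp-comments-post.php', array('comment' => 'x', 'author' => 'a UNION SELECT 1')),
        array('/?s=hello+world', array('comment' => 'base 64 is fine here')),
        array('/' . str_repeat('a', 300), array()),
    );
    foreach ($samples as $s) {
        $hit = rpf_find_bad_fragment($s[0], $s[1]);
        printf("%-50s -> %s\n", substr($s[0], 0, 50), $hit === null ? 'clean' : 'blocked: ' . $hit);
    }
}
```

Run it with the PHP CLI and the first three constructed requests are reported as blocked (eval(, union select after double decoding, and union select in the POST author field), the search for hello+world with a harmless comment is clean, and the 300-character URI trips the length rule. Dropped into wp-content/mu-plugins/ it loads without activation; keep in mind that a substring list like this is a coarse filter that trades some false positives for simplicity, not a replacement for fixing the injectable code itself.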
  • SB

    This will only protect a GET request, like index.php?name=eval(base64_decode(EVIL+CODE

    But in the WordPress Forum a lot of people are getting hacked via POST requests, and this code will not protect against that.

    Do you have something similar but for POST?

  • Ty

    Can I just add this code to my functions.php plugin?

    I’d also like to see code for POST protection.

    • http://wpsnipp.com Kevin Chard

       The best way to include this, I find, is to place it within the mu-plugins/ folder; if you don't have one you can create one. This will force the plugin to run as a must-use plugin. Download the zip above; that is the best way to run it.

  • http://twitter.com/DrewAPicture Drew Jaynes

    User levels were deprecated in WP 3.0; you should use actual capabilities or roles in your current_user_can check, e.g.
    if ( ! current_user_can( 'administrator' ) ) {

    • http://wpsnipp.com Kevin Chard

       Very true Drew, I'll update the snippet, thanks!

  • Paul

    Hey Kevin, is this the same stuff that Secure WordPress (http://wordpress.org/extend/plugins/secure-wordpress/) does, see list item 11?