WordPress Security Hacks Part Two.. | Tutorial Freak – Online Tutorials


Part Two: 6 and 7..


6. Fight Back Against Content Scrapers

The problem

If your blog is at all well known, other sites will reuse your content without asking. The most common form is hot-linking: an `<img>` tag on someone else's page that points straight at a file on your server, so every view of their page is served from your bandwidth.

The solution

To stop hot-linking, paste the following code into your .htaccess file. As always, back the file up before modifying it. Note that these rules only deal with hot-linked images; they do nothing against a scraper that copies your text.

RewriteEngine On
# Replace mysite\.com with your blog's host name; [NC] makes the comparison case-insensitive
RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?mysite\.com/ [NC]
# A blank Referer (direct visits, privacy settings, some proxies) is let through
RewriteCond %{HTTP_REFERER} !^$
# Never rewrite the placeholder itself, or the rule would match its own substitution
RewriteCond %{REQUEST_URI} !^/images/nohotlink\.jpg$ [NC]
# Replace /images/nohotlink.jpg with your "don't hotlink" image URL
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [NC,L]

Once you've saved the file, any image request that arrives with a Referer header from another site is answered with nohotlink.jpg instead of the real file, so the hot-linking page shows your placeholder. Requests that carry no Referer at all (direct visits, browsers and pages that suppress the header, some proxies and mail clients) are still served; leave that condition in place or you will break your own images for those visitors. If you point the rule at an image that does not exist, the hot-linking page shows a broken image instead. Two caveats: the Referer header is set by the client and is trivially forged, so this is bandwidth control rather than access control; and the placeholder image must be excluded from the rule (or given an extension the rule does not match), otherwise the rule matches its own substitution.

Code explanation

Both RewriteCond lines are negated, so the rule fires only when the Referer is non-empty and does not begin with your own host. The optional (.+\.) group accepts subdomains such as www., and because a slash must follow mysite\.com directly, look-alike hosts such as mysite.com.evil.example do not pass. When both conditions hold and the requested file ends in .jpg, .jpeg, .gif, .bmp or .png, the RewriteRule serves nohotlink.jpg instead, and [L] stops any further rule processing.
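The decision the rules above make, modelled in Python so it can be run against test cases offline. This is an illustration added to this page, not Apache's code or the original author's; the host mysite.com and the placeholder path are the snippet's own placeholders, and the https? scheme, the exclusion of the placeholder and the case-insensitive extension match are hardenings assumed here.

```python
import re

# Model of the .htaccess rules: every RewriteCond in the snippet is negated,
# so the RewriteRule fires only when all of the conditions below hold.
OWN_SITE = re.compile(r"^https?://(.+\.)?mysite\.com/", re.IGNORECASE)  # [NC]
IMAGE_EXT = re.compile(r".*\.(jpe?g|gif|bmp|png)$", re.IGNORECASE)      # [NC]
PLACEHOLDER = "/images/nohotlink.jpg"


def served_path(request_uri: str, referer: str) -> str:
    """Return the path Apache would serve for a request with this Referer."""
    if referer == "":                       # RewriteCond %{HTTP_REFERER} !^$
        return request_uri
    if OWN_SITE.match(referer):             # RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?mysite\.com/
        return request_uri
    if request_uri.lower() == PLACEHOLDER:  # RewriteCond %{REQUEST_URI} !^/images/nohotlink\.jpg$
        return request_uri
    if IMAGE_EXT.match(request_uri):        # RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg
        return PLACEHOLDER
    return request_uri


# Constructed (request path, Referer) pairs covering the cases that matter in
# practice; none of these come from a real log.
SAMPLES = [
    ("/images/photo.jpg", "http://mysite.com/2010/post"),       # own page
    ("/images/photo.jpg", "https://WWW.MySite.com/"),           # own subdomain, https, mixed case
    ("/images/photo.jpg", ""),                                  # direct visit / no-referrer policy
    ("/images/photo.jpg", "http://scraper.example/copy.html"),  # hot-linker
    ("/images/photo.jpg", "http://mysite.com.evil.example/"),   # look-alike host
    ("/images/photo.jpg", "http://notmysite.com/"),             # suffix look-alike
    ("/images/photo.JPG", "http://scraper.example/"),           # upper-case extension
    ("/style.css", "http://scraper.example/"),                  # not an image: untouched
    (PLACEHOLDER, "http://scraper.example/"),                   # placeholder itself: untouched
]


def results() -> list:
    """(request path, Referer, served path) for every sample."""
    return [(uri, ref, served_path(uri, ref)) for uri, ref in SAMPLES]


if __name__ == "__main__":
    for uri, ref, served in results():
        verdict = "placeholder" if served == PLACEHOLDER and uri != PLACEHOLDER else "served"
        print(f"{verdict:12} {uri:25} Referer={ref!r}")
```

A forged Referer of http://mysite.com/ is indistinguishable from a genuine one in this model, exactly as it is to Apache, which is why the rule only raises the cost of hot-linking rather than preventing it.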

7. Create A Plug-In To Protect Your Blog From Malicious URL Requests

The problem

Attackers probing a blog send request URIs crafted to trigger SQL injection or PHP code execution in a weak plug-in or theme (UNION SELECT, CONCAT, eval(, base64_decode and the like). WordPress core handles its own input well, but the request URI can be screened for such strings before any plug-in sees it.

The solution

Paste the following code into a text file, save it as blockbadqueries.php, upload it to your wp-content/plugins directory and activate it as you would any other plug-in. From then on, requests matching these patterns are rejected before WordPress handles them. Treat it as a small signature filter, not as a firewall.

<?php
/*
Plugin Name: Block Bad Queries
Description: Rejects over-long request URIs and URIs containing common injection strings.
*/
// The opening lines of this file were lost on the page; the plug-in header
// above and the length test below are reconstructed from the text's description.
function bbq_block_bad_queries() {
    // Raw request URI as the web server received it: not URL-decoded.
    $uri = $_SERVER['REQUEST_URI'];
    if (strlen($uri) > 255 ||
        strpos($uri, 'eval(') !== false ||
        strpos($uri, 'CONCAT') !== false ||
        strpos($uri, 'UNION+SELECT') !== false ||
        strpos($uri, 'base64') !== false) {
        @header('HTTP/1.1 414 Request-URI Too Long');
        @header('Status: 414 Request-URI Too Long'); // CGI-style duplicate of the status line
        @header('Connection: Close');
        @exit;
    }
}
bbq_block_bad_queries();

Code explanation

The plug-in rejects a request when the raw request URI is longer than 255 characters or contains one of four literal strings: eval( and base64 (markers of PHP code-injection payloads such as eval(base64_decode(...))) and CONCAT and UNION+SELECT (SQL-injection markers). Any match gets a 414 response and the connection is closed; 414 is only accurate for the length test, but the status code is immaterial to an automated scanner. Know its limits: $_SERVER['REQUEST_URI'] is not URL-decoded, so eval%28 or UNION%20SELECT passes straight through, and the comparison is case-sensitive, so union+select does too. Conversely, any legitimate URL that contains the substring base64 (an upload named base64-explained.png, say) or runs past 255 characters is rejected. It is a noise filter, not a substitute for keeping WordPress and its plug-ins up to date.
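To see those limits concretely, here is a literal port of the plug-in's test beside a normalising variant, run over constructed request URIs. This is example code added to this page, not the plug-in's own code; the normalising check (percent-decoding, comment stripping, case folding) is an assumed hardening, and the sample URIs are made up for the demonstration.

```python
import re
from urllib.parse import unquote_plus

MAX_URI_LENGTH = 255
LITERAL_NEEDLES = ("eval(", "CONCAT", "UNION+SELECT", "base64")       # as in the plug-in
NORMALISED_NEEDLES = ("eval(", "concat", "union select", "base64")    # after normalisation


def literal_check(request_uri: str) -> bool:
    """What the plug-in does: raw, case-sensitive substring tests on the
    un-decoded REQUEST_URI, plus the 255-character length limit."""
    if len(request_uri) > MAX_URI_LENGTH:
        return True
    return any(needle in request_uri for needle in LITERAL_NEEDLES)


def normalise(request_uri: str) -> str:
    """Assumed hardening: undo percent- and plus-encoding (twice, to catch
    double encoding), drop SQL block comments, fold whitespace and case."""
    text = request_uri
    for _ in range(2):
        text = unquote_plus(text)
    text = re.sub(r"/\*.*?\*/", " ", text)
    return re.sub(r"\s+", " ", text).lower()


def normalised_check(request_uri: str) -> bool:
    """Same decision, taken on the normalised form of the URI."""
    if len(request_uri) > MAX_URI_LENGTH:
        return True
    text = normalise(request_uri)
    return any(needle in text for needle in NORMALISED_NEEDLES)


# Constructed probes and legitimate requests; none taken from a real log.
SAMPLES = [
    "/?p=12",                                       # ordinary post
    "/?id=1+UNION+SELECT+1,2,3",                    # caught as written
    "/?id=1+union+select+1,2,3",                    # case bypass
    "/?id=1%20UNION%20SELECT%201,2,3",              # %20 instead of +
    "/?id=1/**/UNION/**/SELECT/**/1,2,3",           # inline-comment bypass
    "/?cmd=eval%28phpinfo%28%29%29",                # encoded parenthesis
    "/?cmd=eval%2528phpinfo%2528%2529%2529",        # double encoded
    "/wp-content/uploads/base64-explained.png",     # false positive either way
    "/?q=" + "a" * 300,                             # length limit
]


def compare() -> dict:
    """URI -> (blocked by the literal check, blocked by the normalised check)."""
    return {uri: (literal_check(uri), normalised_check(uri)) for uri in SAMPLES}


if __name__ == "__main__":
    for uri, (literal, normalised) in compare().items():
        print(f"literal={literal!s:5} normalised={normalised!s:5} {uri[:60]}")
```

Normalisation closes the encoding and case gaps but does nothing for the false positive on base64-explained.png: substring matching on a URL has no notion of where a parameter value ends and a file name begins.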

KeithM..

Pro Photographer, WebMaster & Writer.