Protect WordPress Against Malicious URL Requests

Around early September last year, many WordPress sites were infected with malicious codes. They appeared in many forms and attacked certain files such as index.php, wp-config.php and etc. Removing the injected line of malicious codes manually and updating WordPress to the newest version was some of the only way to recover. Recently, we came across this one plugin that may prevent those from happening again.

Referring to our previous post regarding this WordPress malicious code attack and several ways to prevent and secure WordPress, this useful plugins may hardened the security of your WordPress against SQL injection and other types of attacks too.

Jeff Starr from Perishable Press has come with a solution to protect WordPress from these kind of attacks. He discovered a line of codes from a plugins and came up with new script that checks for excessively long request strings (i.e., greater than 255 characters), as well as the presence of either “eval(” or “base64” in the request URI. These sorts of nefarious requests were implicated in the September 2009 WordPress attacks. He recommended this script below to be added in WordPress plugins and be activated.

[sourcecode language=’php’] 255 ||
strpos($_SERVER[‘REQUEST_URI’], “eval(“) ||
strpos($_SERVER[‘REQUEST_URI’], “CONCAT”) ||
strpos($_SERVER[‘REQUEST_URI’], “UNION+SELECT”) ||
strpos($_SERVER[‘REQUEST_URI’], “base64”)) {
@header(“HTTP/1.1 414 Request-URI Too Long”);
@header(“Status: 414 Request-URI Too Long”);
@header(“Connection: Close”);
@exit;
}
}
} ?>[/sourcecode]

Copy and paste the script above in a notepad. Save the script with a name. Eg: blockbadqueries.php and put it in a folder with the same name. Upload the whole folder to the plugin directory. Eg: wp-content/plugins/blockbadqueries

Then simply activate the plugin. There you go!

• Note:

In addition to that, he also came up with a total security solution that is still in beta level and he named it as 4G Blacklist. To view this total security solution, continue to his site and read the progress of the 4G Blacklist.

<?php 
/* 
Plugin Name: Block Bad Queries
Plugin URI: http://perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests/
Description: Protect WordPress Against Malicious URL Requests
Author URI: http://perishablepress.com/
Author: Perishable Press
Version: 1.0
*/
global $user_ID; if($user_ID) {
	if(!current_user_can('level_10')) {
		if (strlen($_SERVER['REQUEST_URI']) > 255 || 
			strpos($_SERVER['REQUEST_URI'], "eval(") || 
			strpos($_SERVER['REQUEST_URI'], "CONCAT") || 
			strpos($_SERVER['REQUEST_URI'], "UNION+SELECT") || 
			strpos($_SERVER['REQUEST_URI'], "base64")) {
				@header("HTTP/1.1 414 Request-URI Too Long");
				@header("Status: 414 Request-URI Too Long");
				@header("Connection: Close");
				@exit;
		}
	}
} ?>