
WordPress 4.9.7 Hosting Tips: How to Prevent Script Injection on a WordPress Site

Hello. In this tutorial let me show you how to prevent script injection on a WordPress site. Script injection is a security vulnerability that allows an attacker to inject malicious code into dynamic or database-driven websites. These injections can result in the download and installation of more malware and unwanted applications on your system. They can also allow unauthorized remote access to the infected device, causing loss of data, access to private information and corruption of files.

I found this code on wprecipes and it works like a charm. Now you can protect your WordPress blog from script injection and from unwanted modification of _REQUEST and/or GLOBALS. Simply copy and paste the code below into the .htaccess file in the root of your site.


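# Protect from script injection and from modification of GLOBALS / _REQUEST
Options +FollowSymLinks
RewriteEngine On
# Match a query string containing a <script> tag, raw or URL-encoded (case-insensitive)
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Match an attempt to set the PHP GLOBALS array through the query string
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Match an attempt to set the PHP _REQUEST array through the query string
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Any matching request is answered with 403 Forbidden
RewriteRule ^(.*)$ index.php [F,L]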
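
Before deploying the rules, it helps to see which requests they refuse. The following harness is an added example, not part of the original wprecipes snippet: it copies the three RewriteCond patterns into Python's `re` module and runs them over constructed query strings. The function names and sample strings are assumptions made for illustration.

```python
import re

# The three RewriteCond patterns from the .htaccess rules above.
# mod_rewrite patterns are unanchored, so re.search() is the equivalent call.
CONDITIONS = [
    # [NC] on the first condition means case-insensitive matching.
    ("script-tag", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    # No [NC] here: PHP variable names are case-sensitive, so only the
    # exact spellings GLOBALS and _REQUEST matter.
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]


def blocked_by(query_string):
    """Return the name of the first condition that matches, or None."""
    for name, pattern in CONDITIONS:
        if pattern.search(query_string):
            return name
    return None


# Constructed sample query strings (the part of the URL after "?").
SAMPLES = [
    "p=123",                              # ordinary post request
    "s=wordpress+security",               # ordinary search
    "q=%3Cscript%3Ex%3C/script%3E",       # URL-encoded script tag
    "q=<SCRIPT>x</SCRIPT>",               # raw tag, upper case
    "GLOBALS[foo]=1",                     # GLOBALS overwrite attempt
    "_REQUEST%5Bfoo%5D=1",                # _REQUEST with an encoded bracket
    "s=%3Cb%3Edescription%3C/b%3E",       # false positive: "deSCRIPTion"
    "globals=1",                          # lower case, not a PHP superglobal
]


def report(samples=SAMPLES):
    """Pair each sample with the condition that would reject it."""
    return [(qs, blocked_by(qs)) for qs in samples]


if __name__ == "__main__":
    for qs, rule in report():
        verdict = "403 " + rule if rule else "pass"
        print(f"{verdict:<16} {qs}")
```

The rules inspect only `%{QUERY_STRING}`, so POST bodies, cookies and headers are not examined. The `description` sample shows that a legitimate search containing markup can also be refused.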

Take note of the file permissions. WP Security Scan shows these in a nice way. Browse to the specific files in your root using your favorite FTP client and chmod the files if required.

Prevention is better than cure. I cannot personally guarantee that your blog won’t get hacked after implementing the methods I have mentioned, but I’m sure the chances of getting attacked will be much lower. How secure is your WordPress blog? If you have a tip or a piece of code you would like to contribute, then use the comment box. I bet that after reading this post, you will know how to prevent a WordPress hack to some great extent.