Image by Vivek
As WordPress getting popular day by day the probability of WordPress blog getting hacked by Hackers becoming quite high.Though it is impossible to completely eliminate the security hole, you can secure yourselves from some commonly used attacks by hackers.
If you are using WordPress on Apache web-server then you can add some codes to .htaccess file to secure your blog from security risks.
.htaccess is a hidden file which sets directory level server configuration.
First get a backup of .htaccess file and add the following at the end.
# 5G BLACKLIST/FIREWALL (2013)
# @ http://perishablepress.com/5g-blacklist-2013/
# 5G:[QUERY STRINGS]
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (javascript:).*(\;) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (\\|\.\./|`|=\'$|=%27$) [NC,OR]
RewriteCond %{QUERY_STRING} (\;|\'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|if) [NC,OR]
RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
RewriteRule .* - [F]
# 5G:[USER AGENTS]
# SetEnvIfNoCase User-Agent ^$ keep_out
SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) keep_out
Order Allow,Deny
Allow from all
Deny from env=keep_out
# 5G:[REQUEST STRINGS]
RedirectMatch 403 (https?|ftp|php)\://
RedirectMatch 403 /(https?|ima|ucp)/
RedirectMatch 403 /(Permanent|Better)$
RedirectMatch 403 (\=\\\'|\=\\%27|/\\\'/?|\)\.css\()$
RedirectMatch 403 (\,|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\"\\\")
RedirectMatch 403 \.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$
RedirectMatch 403 /(contac|fpw|install|pingserver|register)\.php$
RedirectMatch 403 (base64|crossdomain|localhost|wwwroot|e107\_)
RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae|config\.xml)
RedirectMatch 403 \.well\-known/host\-meta
RedirectMatch 403 /function\.array\-rand
RedirectMatch 403 \)\;\$\(this\)\.html\(
RedirectMatch 403 proc/self/environ
RedirectMatch 403 msnbot\.htm\)\.\_
RedirectMatch 403 /ref\.outcontrol
RedirectMatch 403 com\_cropimage
RedirectMatch 403 indonesia\.htm
RedirectMatch 403 \{\$itemURL\}
RedirectMatch 403 function\(\)
RedirectMatch 403 labels\.rdf
RedirectMatch 403 /playing.php
RedirectMatch 403 muieblackcat
# 5G:[REQUEST METHOD]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
# 5G:[BAD IPS]
Order Allow,Deny
Allow from all
# uncomment/edit/repeat next line to block IPs
# Deny from 123.456.789
[mybox] Source : 5G Blacklist 2013 by Jeff starr [/mybox]
Use this code at your own risk and I strongly recommend you to have a backup of your .htaccess file before adding the code.
As I said earlier add the code at the end of the file but in some blogs it may not work,in such case try adding the code at the beginning or more precisely place it before the WordPress permalink rules.
How it Works ?
The above code blocks any malicious request based on request method,referrer, cookies,request URI,query string, user agent and based on IP addresses.
If you dont understand it,no problem just know that it enhances your website security.
Any Effect on SEO ?
Nope…the code doesn’t block any legitimate request from white hat bots such as Google bots but It blocks any malicious request regardless of who makes it.
I will update the above code as soon as I find the enhancements.
![15 silly WordPress Errors that I want you to avoid [infographic]](http://www.wpstuffs.com/wp-content/uploads/2012/12/wordpress_user_errors_infographic_thumb-150x150.png)