
Image by Vivek
As WordPress gets more popular day by day, the probability of a WordPress blog being hacked becomes quite high. Though it is impossible to completely eliminate every security hole, you can protect yourself from some of the attacks hackers commonly use.
If you are using WordPress on an Apache web server, you can add some rules to the .htaccess file to secure your blog against these risks.
.htaccess is a hidden file that sets directory-level server configuration.
First take a backup of your .htaccess file, then add the following at the end of it.
# 5G BLACKLIST/FIREWALL (2013)
# @ http://perishablepress.com/5g-blacklist-2013/
# 5G:[QUERY STRINGS]
# Reject (403) any request whose query string carries script tags,
# path traversal, SQL keywords after a quote, or PHP global overrides.
# The conditions are chained with [OR]; the final RewriteRule fires
# when any one of them matches ([F] = 403 Forbidden).
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (javascript:).*(\;) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (\\|\.\./|`|=\'$|=%27$) [NC,OR]
RewriteCond %{QUERY_STRING} (\;|\'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|if) [NC,OR]
RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
RewriteRule .* - [F]
# 5G:[USER AGENTS]
# Tag requests from known scanner/scraper user agents and deny them.
# The commented line would additionally deny requests with an empty User-Agent.
# SetEnvIfNoCase User-Agent ^$ keep_out
SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) keep_out
# Order/Allow/Deny are Apache 2.2 directives; on Apache 2.4 they need mod_access_compat.
Order Allow,Deny
Allow from all
Deny from env=keep_out
# 5G:[REQUEST STRINGS]
# Reject request URIs that contain known exploit and scanner signatures.
RedirectMatch 403 (https?|ftp|php)\://
RedirectMatch 403 /(https?|ima|ucp)/
RedirectMatch 403 /(Permanent|Better)$
RedirectMatch 403 (\=\\\'|\=\\%27|/\\\'/?|\)\.css\()$
RedirectMatch 403 (\,|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\"\\\")
RedirectMatch 403 \.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$
RedirectMatch 403 /(contac|fpw|install|pingserver|register)\.php$
RedirectMatch 403 (base64|crossdomain|localhost|wwwroot|e107\_)
RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae|config\.xml)
RedirectMatch 403 \.well\-known/host\-meta
RedirectMatch 403 /function\.array\-rand
RedirectMatch 403 \)\;\$\(this\)\.html\(
RedirectMatch 403 proc/self/environ
RedirectMatch 403 msnbot\.htm\)\.\_
RedirectMatch 403 /ref\.outcontrol
RedirectMatch 403 com\_cropimage
RedirectMatch 403 indonesia\.htm
RedirectMatch 403 \{\$itemURL\}
RedirectMatch 403 function\(\)
RedirectMatch 403 labels\.rdf
RedirectMatch 403 /playing.php
RedirectMatch 403 muieblackcat
# 5G:[REQUEST METHOD]
# Reject the TRACE and TRACK HTTP methods.
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
# 5G:[BAD IPS]
Order Allow,Deny
Allow from all
# uncomment/edit/repeat next line to block IPs
# Deny from 123.456.789

Use this code at your own risk, and I strongly recommend that you have a backup of your .htaccess file before adding the code.
As I said earlier, add the code at the end of the file, but on some blogs it may not work there; in that case try adding the code at the beginning, or more precisely, place it before the WordPress permalink rules.
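The placement step above (back up .htaccess, then put the rules ahead of the WordPress permalink block) can be scripted so that it is repeatable and never applied twice. The following Python script is an added example, not code from the post or from Perishable Press. It relies on the `# BEGIN WordPress` marker that WordPress itself writes around its permalink rules; the sample .htaccess contents and the `.bak` backup name are constructed for the example, and only a short slice of the blacklist is used as the rules to insert.

```python
"""Insert a block of .htaccess rules ahead of the WordPress permalink rules,
taking a backup first.  Added example; the sample file content is constructed.
"""
import shutil
import tempfile
from pathlib import Path

# WordPress writes its permalink rules between "# BEGIN WordPress" and
# "# END WordPress".  Placing our rules before this marker is the
# "before the permalink rules" placement described in the post.
WP_MARKER = "# BEGIN WordPress"

# Constructed sample of a default WordPress .htaccess.
SAMPLE_HTACCESS = """\
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
"""

# A short slice of the blacklist, used as the rules to insert.
SAMPLE_RULES = """\
# 5G:[REQUEST METHOD]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
"""


def insert_before_permalinks(htaccess_text: str, rules: str) -> str:
    """Return htaccess_text with `rules` placed just before the WordPress block.

    If the marker is absent, the rules are appended at the end, which is the
    placement the post recommends first.
    """
    if WP_MARKER in rules:
        raise ValueError("rules must not contain the WordPress marker")
    rules = rules.rstrip("\n") + "\n"
    idx = htaccess_text.find(WP_MARKER)
    if idx == -1:
        sep = "" if not htaccess_text or htaccess_text.endswith("\n") else "\n"
        return htaccess_text + sep + rules
    return htaccess_text[:idx] + rules + "\n" + htaccess_text[idx:]


def apply_to_file(path: Path, rules: str) -> bool:
    """Insert rules into the file at path after copying it to path + '.bak'.

    Returns False, touching nothing, when the rules are already present,
    so running the script twice cannot duplicate the block.
    """
    text = path.read_text(encoding="utf-8")
    if rules.strip() in text:
        return False
    shutil.copy2(path, path.with_name(path.name + ".bak"))
    path.write_text(insert_before_permalinks(text, rules), encoding="utf-8")
    return True


def demo() -> dict:
    """Run the procedure twice on a throwaway copy of the constructed sample."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / ".htaccess"
        path.write_text(SAMPLE_HTACCESS, encoding="utf-8")
        first = apply_to_file(path, SAMPLE_RULES)
        second = apply_to_file(path, SAMPLE_RULES)
        backup = path.with_name(".htaccess.bak")
        new_text = path.read_text(encoding="utf-8")
        return {
            "first": first,
            "second": second,
            "backup_intact": backup.read_text(encoding="utf-8") == SAMPLE_HTACCESS,
            "rules_before_wp": new_text.index("# 5G:") < new_text.index(WP_MARKER),
            "rule_count": new_text.count("# 5G:[REQUEST METHOD]"),
        }


if __name__ == "__main__":
    print(demo())
```

To use it on a real site, call `apply_to_file(Path("/path/to/.htaccess"), rules)` with the full blacklist text as `rules`; the untouched copy lands next to the file as `.htaccess.bak`, which is what you restore if the site starts returning 500s.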
How it Works?
The above code blocks malicious requests based on the request method, referrer, cookies, request URI, query string, user agent and IP address.
If you don't understand it, no problem; just know that it enhances your website's security.
Any Effect on SEO?
Nope… the code doesn't block any legitimate request from white-hat bots such as Googlebot, but it blocks any malicious request regardless of who makes it.
I will update the above code as soon as I find enhancements.
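Whether a blacklist blocks legitimate requests is something you can check offline before it goes live. The following Python script is an added example, not code from the post or from Perishable Press: it ports the seven query-string conditions from the block above into Python regular expressions, runs them over a few constructed query strings, and reports which rule would fire. Apache evaluates each RewriteCond as an unanchored, case-insensitive (`[NC]`) match against the raw, still URL-encoded query string, which `re.search` with `re.IGNORECASE` reproduces for these patterns. The last two samples are ordinary searches that the `or|if` alternation catches, because those keywords are not word-bounded; that is the kind of false positive to look for.

```python
"""Offline check of the 5G query-string rules against sample query strings.

Added example; the patterns are the RewriteCond expressions from the
blacklist, the query strings are constructed for this example.
"""
import re

# The 5G:[QUERY STRINGS] conditions, in the order Apache evaluates them.
QUERY_STRING_RULES = [
    r"(javascript:).*(\;)",
    r"(<|%3C).*script.*(>|%3)",
    r"(\\|\.\./|`|=\'$|=%27$)",
    r"(\;|\'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|if)",
    r"(base64_encode|localhost|mosconfig)",
    r"(boot\.ini|echo.*kae|etc/passwd)",
    r"(GLOBALS|REQUEST)(=|\[|%)",
]
# [NC] on every condition: case-insensitive; RewriteCond matches anywhere.
COMPILED = [re.compile(p, re.IGNORECASE) for p in QUERY_STRING_RULES]


def first_matching_rule(query_string: str):
    """Index of the first rule that would fire (request gets 403), else None."""
    for index, rule in enumerate(COMPILED):
        if rule.search(query_string):
            return index
    return None


# Constructed sample query strings, as they would appear in %{QUERY_STRING}.
SAMPLE_QUERIES = [
    "s=wordpress+security",          # ordinary search: allowed
    "p=123",                         # ordinary post id: allowed
    "q=<script>alert(1)</script>",   # script tag: rule 1
    "Q=%3Cscript%3E",                # encoded, upper case: still rule 1 ([NC])
    "file=../../etc/passwd",         # traversal: rule 2 fires before rule 5
    "id=1'%20or%201=1",              # quote then SQL keyword: rule 3
    "GLOBALS[x]=1",                  # PHP global override: rule 6
    # False positives: a quote followed by a word that merely contains
    # "or" or "if", since the keyword alternation is not word-bounded.
    "s=it's+for+me",                 # "for" contains "or": rule 3
    "s=what's+different",            # "different" contains "if": rule 3
]


def run_samples() -> dict:
    """Map each sample query string to the index of the rule that blocks it."""
    return {q: first_matching_rule(q) for q in SAMPLE_QUERIES}


if __name__ == "__main__":
    for query, rule in run_samples().items():
        verdict = "allowed" if rule is None else f"403 by rule {rule}"
        print(f"{query!r:34} -> {verdict}")
```

Feed it the query strings from your own access log (the part after `?` in each request line) to see which real visitors the rules would have turned away; any search term containing an apostrophe is worth testing before you deploy.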

Why did you say use it at your own risk? If we mess with the code, will anything happen to our blog? The image you created by merging the WP logo, the Aparichith image and the word "hacked" is superb. BTW, are you from Andhra Pradesh?
Vijesh recently posted…Interview of Narender Chopra: Guy who made a difference in the blogosphere with his techno updates
Since the code above is not written by me, I don't know how it behaves in different blog setups; that's why I gave a caution (though it works for me). That's also why I emphasized having a backup to revert to the original in case anything unexpected happens (very little chance though).
Thanks for your appreciation; Photoshop did the trick. I am from Tamil Nadu, and pretty soon I will be completing my Engineering.
Vivek R recently posted…Add a killer social media icons with hover effect on WordPress blog : Without using Plugin
Hi Vivek,
This is a great post, but as for me, I'm not good with code, so I have a special way of backing up my website without necessarily dealing with code.
Thanks Cudjoe.
You don't need to take a full backup of your website; just copy the .htaccess file to your computer before adding the above code. It's better to spend five minutes securing the website than spending days and nights recovering it from hackers.
Vivek R recently posted…Few WordPress Plugins to Manage Digital Downloads
Nice article!
Thank you!
It worked well for me. Thanks a lot for your help.
Glad it worked for you… Thanks for leaving your opinion.
Vivek R recently posted…How to set Maximum number of Post Revisions without using a Plugin