Update: This plugin can now be found in the WordPress plugin repository for easy installs.
I was skimming through my Google FeedReader the other day and read an excellent article by Jeff Starr of Perishable Press which showed us how to create a very simple plugin to help protect our WordPress sites from malicious WordPress crackers.
He found this code in the pastebin repository, a site where people who write computer code can come together and help one another.
A dead giveaway that someone is trying to hack into your blog is when you see terms like the following in requests to your site:
- base64()
- eval()
The plugin shown below will attempt to block such requests. So with that, let’s get on to the tutorial.
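To make the idea concrete, here is a small request check written for this page as an added example; it is not Jeff Starr's plugin code, and the function and constant names (`example_find_bad_term`, `EXAMPLE_BAD_TERMS`) are hypothetical. It looks for the two terms listed above in the request URI and, when loaded by WordPress, refuses the request.

```php
<?php
/*
Plugin Name: Example Request Filter (illustration only)
Description: Added example for this tutorial; not the plugin from Perishable Press.
*/

// Terms the post calls out as giveaways. "base64" also matches base64_decode(.
const EXAMPLE_BAD_TERMS = array('eval(', 'base64');

/**
 * Return the first bad term found in a request URI, or null if none is found.
 */
function example_find_bad_term(string $request_uri): ?string
{
    // Decode twice so eval%28 and double-encoded eval%2528 both become "eval(".
    $decoded = rawurldecode(rawurldecode($request_uri));
    foreach (EXAMPLE_BAD_TERMS as $term) {
        // stripos() ignores case. Compare with !== false, because a match
        // at offset 0 returns 0, which a plain if() would treat as "no match".
        if (stripos($decoded, $term) !== false) {
            return $term;
        }
    }
    return null;
}

if (function_exists('add_action')) {
    // Loaded by WordPress: check each request early and refuse bad ones.
    add_action('plugins_loaded', function () {
        $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
        if (example_find_bad_term($uri) !== null) {
            status_header(403);
            exit;
        }
    });
} else {
    // Run from the command line: try the check on constructed sample URIs.
    $samples = array(
        '/?p=123',
        '/index.php?x=EVAL%28test%29',
        '/?s=how+to+base64+encode+an+image', // harmless search, still blocked
    );
    foreach ($samples as $uri) {
        $hit = example_find_bad_term($uri);
        echo ($hit === null ? 'allow' : "block [$hit]") . "  $uri\n";
    }
}
```

The third sample shows the cost of plain substring matching: a harmless search for "base64" is refused too, so check what the filter blocks after you enable it.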
Step-by-Step
Step 1: Head over to Perishable Press and copy the code Jeff shows us.
Step 2: Open a text editor and paste the code in. Be sure to save the file as a .php file (for example, block-bad-requests.php).
Step 3: Zip up the file you just created using a zip program like WinZip or the zip utility that comes with Windows.

Step 4: Upload, install, and activate the plugin.





Quick, simple, and effective.







January 1st, 2010 at 6:01 am
Hi John
Best of both worlds… video and screenshots.
You’re spoiling us John!
If I create this plugin, can I advertise myself as a WordPress plugin developer? LOL
I’m with you on security so this will be my first plugin of the new year.
January 1st, 2010 at 11:10 am
Sorry John, I forgot to ask…
Presumably you can simply upload the .php file to your plugins directory and then activate it via the dashboard?
January 1st, 2010 at 11:54 am
Hey Keith. Yeah it’s a pretty neat little piece of code.
Yes, you should be able to upload the php file to your plugins directory and activate it. Should be no problem there.
I assume you’re using FTP for that…?
If you can, try to use SFTP or FTPS. Check with your web host to see if you have that option, that way your FTP login info will be encrypted and not easily obtained.
January 1st, 2010 at 11:58 am
Thanks John
I use FTP over explicit TLS/SSL, which my hosting service tells me is secure.
January 1st, 2010 at 12:02 pm
That’s good, Keith. That’s what we offer as well.
January 1st, 2010 at 12:26 pm
John if my hosting company weren’t so good… I would have signed up with you long ago.
After my early attempts at FTP, my hosting company used to send me emails saying that they had moved my files to the correct directory LOL
January 2nd, 2010 at 3:51 am
All done John
Uploaded and activated in less than 10mins.
Thanks for spending time to make it easy for the rest of us.
January 2nd, 2010 at 5:31 am
Very cool, Keith. It’s my pleasure. Thanks for reading!
January 11th, 2010 at 12:44 pm
Hi John
I’ve just noticed your comments over at Perishable Press about adding to the code there.
I copied the code from the top of the page but your comment suggests that we should be using the code from comment number 20.
Is that correct?
January 11th, 2010 at 12:53 pm
Jeff updated the post with the best code to use. Make sure you use the updated code in his post. That’s the best one to use.
March 6th, 2010 at 3:55 pm
This is now available as a plugin at WordPress.org, FYI. Came here from your ebook, went through all this, only to have WordPress immediately tell me that the plugin was out of date and to download the new version from WP.org.
March 6th, 2010 at 4:44 pm
Hi Anysia. Thanks for purchasing the ebook, I hope you like it.
Thanks for the update on the plugin. I added Jeff’s plugin to the ebook at the last minute. He wrote the plugin and I emailed him asking if it was ok to put it in the book. Good to know it’s now available for everyone in the plugin repository. It’s a great (and simple) plugin.
March 7th, 2010 at 11:30 am
Hi
Just looked at WordPress plugins repository – presumably the plugin is the “Block Bad Queries (BBQ)” by Jeff Starr.
March 7th, 2010 at 12:30 pm
Hi Keith… yep it is and I definitely gave him full credit for the plugin in the post above and also in WordPress Defender.
I made sure to ask him first if I could include it in WordPress Defender.
Yeah Anysia (above) mentioned it, too. After this comment I’ll log in and update the post.
Thanks for spotting it.
March 7th, 2010 at 12:42 pm
John
When I created the plugin as shown above, I didn’t call it “Block Bad Queries”
I’m guessing that this plugin does not create any database tables so I can simply delete the one I created and upload Jeff’s.
March 7th, 2010 at 12:50 pm
@Keith – yep, you’re good to go to deactivate and delete the version you have and then upload and activate the latest version plugin.
Hint: To find it easily, go to Plugins -> Add New in your blog’s sidebar and search for BBQ.
That should bring it up quick.
March 7th, 2010 at 12:56 pm
Thanks John
Much appreciated.
March 4th, 2011 at 7:59 pm
Hi, I know it’s 2011 but I was wondering if I can still download the plugin and if it will work. I found it through my plugins section, but it says that it’s not compatible with current version of WordPress. What should I do?
March 4th, 2011 at 10:18 pm
Hi Tatianna.
It doesn’t say that it’s not necessarily compatible with the latest version of WordPress, it just says that it’s compatible up to 3.0.5 – which means the plugin author just hasn’t updated the plugin page.
I run that plugin on my blogs which have the latest version of WordPress and I’ve seen no problems with it. It should be safe to use.
March 5th, 2011 at 8:50 pm
Thank you John,
I will try it. I am very new to WordPress and blogging, so I am pretty afraid to experiment with new plugins. But if you say it works, I will download it. I have been reading so many horror stories about hackers that I have been shaking in my sleep. I read your story as well about your wife’s blog being broken into, I don’t even imagine the stress you guys had to go through. Thank you again, for all of your tutorials.
Tatianna
March 5th, 2011 at 9:40 pm
Hi Tatianna. Yes, it’s not good news and those people who ruin our sites really suck.
Tatianna, being that you’re new to blogging, I have a new membership site I am working on which will showcase a ton of videos showing you WordPress videos, blogging videos, and a ton more. Should I put your email list down on a list to contact once it’s done?
Not sure if you’d be interested in that but if so, let me know.
March 5th, 2011 at 11:50 pm
I am interested, put me down.
Thank you John