Update: This plugin can now be found in the WordPress plugin repository for easy installs.
I was skimming through my Google FeedReader the other day and read an excellent article by Jeff Starr of Perishable Press which showed us how to create a very simple plugin to help protect our WordPress sites from malicious WordPress crackers.
He found this code in the pastebin repository, a site where people who write computer code can come together and help one another.
A dead giveaway that someone is trying to hack into your blog is when you see terms like the following being used:
- base64()
- eval()
The plugin shown below will attempt to block such requests. So with that, let’s get on to the tutorial.
Step-by-Step
Step 1: Head over to Perishable Press and copy the code Jeff shows us.
Step 2: Open a text editor and paste the code in. Be sure to save the file as a .php file (for example, block-bad-requests.php).
Step 3: Zip up the file you just created using a zip program like WinZip or the zip utility that comes with Windows.

Step 4: Upload, install, and activate the plugin.

Quick, simple, and effective.
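
To show the kind of check a plugin like this performs, here is an added example (my own illustration, not Jeff's code and not the BBQ plugin): a minimal plugin that returns a 403 when the request URI contains either of the two terms listed above. The `erf_` names, the administrator exemption and the three-pass decode limit are assumptions of this example.

```php
<?php
/*
Plugin Name: Example Request Filter (illustration)
Description: Returns 403 for requests whose URI contains eval( or base64.
*/

if ( ! defined( 'ABSPATH' ) ) {
    exit; // Do not run outside WordPress.
}

// Return the first suspicious term found in $value, or null if none.
function erf_find_term( $value ) {
    // The two terms named in the post; this list is the example's assumption.
    $terms = array( 'eval(', 'base64' );
    // Decode up to three times so percent-encoded forms are matched too.
    for ( $i = 0; $i < 3; $i++ ) {
        $decoded = rawurldecode( $value );
        if ( $decoded === $value ) {
            break;
        }
        $value = $decoded;
    }
    foreach ( $terms as $term ) {
        if ( stripos( $value, $term ) !== false ) {
            return $term;
        }
    }
    return null;
}

function erf_check_request() {
    // Assumption: administrators are exempt, to avoid blocking their own work.
    if ( is_user_logged_in() && current_user_can( 'manage_options' ) ) {
        return;
    }
    // REQUEST_URI holds the path and the query string.
    $uri  = isset( $_SERVER['REQUEST_URI'] ) ? (string) $_SERVER['REQUEST_URI'] : '';
    $term = erf_find_term( $uri );
    if ( null !== $term ) {
        $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
        error_log( sprintf( 'erf: blocked request from %s (matched "%s")', $ip, $term ) );
        wp_die( 'Forbidden', 'Forbidden', array( 'response' => 403 ) );
    }
}
// Priority 0 runs the check ahead of callbacks hooked at the default priority.
add_action( 'init', 'erf_check_request', 0 );
```

A filter like this only looks at the URL, not at POST bodies, and a plain substring match can also block a legitimate URL that happens to contain one of the terms, so treat it as one extra layer on top of keeping WordPress and your plugins updated.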
January 1st, 2010 at 6:01 am
Hi John
Best of both worlds… video and screenshots.
You’re spoiling us John!
If I create this plugin, can I advertise myself as a WordPress plugin developer? LOL
I’m with you on security so this will be my first plugin of the new year.
January 1st, 2010 at 11:10 am
Sorry John, I forgot to ask…
Presumably you can simply upload the .php file to your plugins directory and then activate it via the dashboard?
January 1st, 2010 at 11:54 am
Hey Keith. Yeah it’s a pretty neat little piece of code.
Yes, you should be able to upload the php file to your plugins directory and activate it. Should be no problem there.
I assume you’re using FTP for that…?
If you can, try to use SFTP or FTPS. Check with your web host to see if you have that option, that way your FTP login info will be encrypted and not easily obtained.
January 1st, 2010 at 11:58 am
Thanks John
I use FTP over explicit TLS/SSL, which my hosting service tells me is secure.
January 1st, 2010 at 12:02 pm
That’s good, Keith. That’s what we offer as well.
January 1st, 2010 at 12:26 pm
John if my hosting company weren’t so good… I would have signed up with you long ago.
After my early attempts at FTP, my hosting company used to send me emails saying that they had moved my files to the correct directory LOL
January 2nd, 2010 at 3:51 am
All done John
Uploaded and activated in less than 10 mins.
Thanks for spending time to make it easy for the rest of us.
January 2nd, 2010 at 5:31 am
Very cool, Keith. It’s my pleasure. Thanks for reading!
January 11th, 2010 at 12:44 pm
Hi John
I’ve just noticed your comments over at Perishable Press about adding to the code there.
I copied the code from the top of the page but your comment suggests that we should be using the code from comment number 20.
Is that correct?
January 11th, 2010 at 12:53 pm
Jeff updated the post with the best code to use. Make sure you use the updated code in his post. That’s the best one to use.
March 6th, 2010 at 3:55 pm
This is now available as a plugin at WordPress.org, FYI. Came here from your ebook, went through all this, only to have WordPress immediately tell me that the plugin was out of date and to download the new version from WP.org.
March 6th, 2010 at 4:44 pm
Hi Anysia. Thanks for purchasing the ebook, I hope you like it.
Thanks for the update on the plugin. I added Jeff’s plugin to the ebook at the last minute. He wrote the plugin and I emailed him asking if it was ok to put it in the book. Good to know it’s now available for everyone in the plugin repository. It’s a great (and simple) plugin.
March 7th, 2010 at 11:30 am
Hi
Just looked at WordPress plugins repository – presumably the plugin is the “Block Bad Queries (BBQ)” by Jeff Starr.
March 7th, 2010 at 12:30 pm
Hi Keith… yep it is and I definitely gave him full credit for the plugin in the post above and also in WordPress Defender.
I made sure to ask him first if I could include it in WordPress Defender.
Yeah Anysia (above) mentioned it, too. After this comment I’ll log in and update the post.
Thanks for spotting it.
March 7th, 2010 at 12:42 pm
John
When I created the plugin as shown above, I didn’t call it “Block Bad Queries”.
I’m guessing that this plugin does not create any database tables so I can simply delete the one I created and upload Jeff’s.
March 7th, 2010 at 12:50 pm
@Keith – yep, you’re good to go to deactivate and delete the version you have and then upload and activate the latest version plugin.
Hint: To find it easily, go to Plugins -> Add New in your blog’s sidebar and search for BBQ.
That should bring it up quick.
March 7th, 2010 at 12:56 pm
Thanks John
Much appreciated.