simple WordPress and bbPress security plugin to block long requests
I opened a WordPress security ticket today with something that’s been bothering me for a while – Apache will take long URL queries up to 8k (8192) characters in length, but it’s completely unnecessary and allows XSS exploits to get into WordPress and bbPress. Why not block them entirely with this scrap of a plugin (save as “_block_long_queries.php” without the quotes but with the leading underscore, so it loads as early as possible and doesn’t need activation – it also can’t be easily deactivated by hackers)?
view: http://pastebin.com/icdBbByd
download: http://pastebin.com/download.php?i=4E8yqSky
Should only add a trivial amount of overhead but might save you one day from an unpatched bug. I’ve yet to see an exploit via $_GET that’s less than 255 characters. Won’t do anything for $_POST exploits but every little bit helps.
(updated March 13 2011 to more efficient/sensitive version)
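The plugin's code lives only at the pastebin links and is not reproduced on this page. As an added illustration of the idea (not the author's plugin), the sketch below rejects any request whose URI or query string exceeds the 255-character figure mentioned above; the `blq_*` names and the choice of a 414 response are assumptions.

```php
<?php
// Added example, not the pastebin plugin: reject over-long GET requests
// before WordPress/bbPress parses them. All blq_* names are hypothetical.

// 255 comes from the post's observation about $_GET exploit length.
const BLQ_MAX_LENGTH = 255;

/**
 * Return true when the raw request URI or query string is longer than $max.
 * Lengths are measured on the raw, still percent-encoded bytes, i.e. what
 * the web server received, so encoding tricks cannot shrink the count.
 */
function blq_is_too_long(array $server, int $max = BLQ_MAX_LENGTH): bool
{
    $uri   = isset($server['REQUEST_URI'])  ? (string) $server['REQUEST_URI']  : '';
    $query = isset($server['QUERY_STRING']) ? (string) $server['QUERY_STRING'] : '';

    return strlen($uri) > $max || strlen($query) > $max;
}

/**
 * Stop the request with "414 URI Too Long" if it exceeds the limit.
 * Does nothing for command-line runs, which have no request URI.
 */
function blq_enforce(array $server): void
{
    if (PHP_SAPI === 'cli' || !blq_is_too_long($server)) {
        return;
    }

    if (!headers_sent()) {
        http_response_code(414);
        header('Connection: close');
    }

    // Record the hit so false positives can be reviewed; the logged URI is
    // truncated to keep oversized payloads out of the log file.
    error_log('blocked long request from '
        . ($server['REMOTE_ADDR'] ?? 'unknown') . ': '
        . substr((string) ($server['REQUEST_URI'] ?? ''), 0, 80));

    exit;
}

blq_enforce($_SERVER);
```

Any legitimate request with a URI over the limit is rejected as well, so it is worth running with the `exit` commented out first and reviewing the log before enforcing.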
updated March 13, 2011 to more efficient/sensitive version
recommended to upgrade if you are using the original version
March 13, 2011 at 9:28 am