making bbPress (and WordPress) work better!

simple WordPress and bbPress security plugin to block long requests

I opened a WordPress security ticket today with something that’s been bothering me for awhile – Apache will take long URL queries up to 8k (8192) characters in length but it’s completely unnecessary and allows XSS exploits to get into WordPress and bbPress. Why not block them entirely with this scrap of a plugin (save as “_block_long_queries.php” without the quotes but with the leading underscore so it loads as early as possible and doesn’t need activation – also can’t be easily deactivated by hackers)

view: http://pastebin.com/icdBbByd
download: http://pastebin.com/download.php?i=4E8yqSky

Should only add a trivial amount of overhead but might save you one day from an unpatched bug. I’ve yet to see an exploit via $_GET that’s less than 255 characters. Won’t do anything for $_POST exploits but every little bit helps.

(updated March 13 2011 to more efficient/sensitive version)

This entry was posted on November 11, 2008 by . It was filed under bbPress, PHP, WP development, WP plugins and was tagged with , , .

7 responses

  1. Pingback: 16 Essential WordPress Plugins To Protect Your Blog From Hackers - The Red Ferret Journal

  2. Pingback: 16 Essential WordPress Plugins To Protect Your Blog From Hackers | Best Wordpress | rooteto.com - Ertuğrul SAĞLAM

  3. Pingback: 16 Essential WordPress Plugins To Protect Your Blog From Hackers : sohbet chat dostluk arkadaslik sohbet odaları kameralı sohbet sesli chat kızlarla sohbet

  4. Pingback: WordPress hacked? Stop using CHMOD 777 ! « _ck_ says…

  5. Pingback: How to Protect Wordpress Blog From Hackers

  6. _ck_

    updated March 13, 2011 to more efficient/sensitive version

    recommended to upgrade if you are using the original version

    March 13, 2011 at 9:28 am

    Reply

  7. Pingback: 16 Essential WordPress Plugins To Protect Your Blog From Hackers | supernetcraze.com

Leave a comment