making bbPress (and WordPress) work better!

simple WordPress and bbPress security plugin to block long requests

I opened a WordPress security ticket today about something that has been bothering me for a while: Apache will accept URL queries up to 8k (8192) characters long, but that is completely unnecessary and lets XSS exploits get into WordPress and bbPress. Why not block them entirely with this scrap of a plugin? Save it as “_block_long_queries.php” (without the quotes but with the leading underscore, so it loads as early as possible, doesn’t need activation, and can’t easily be deactivated by hackers).

view: http://pastebin.com/icdBbByd
download: http://pastebin.com/download.php?i=4E8yqSky

It should add only a trivial amount of overhead but might save you one day from an unpatched bug. I’ve yet to see an exploit via $_GET that’s less than 255 characters. It won’t do anything for $_POST exploits, but every little bit helps.
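As an added example (not the author's pastebin code, which the post links but does not reproduce), here is a minimal PHP plugin implementing the idea described above: measure the raw query string and reject the request before WordPress or bbPress does anything else. The 255-byte limit is the one the post discusses; the 414 status code, the constant and the function names are assumptions.

```php
<?php
/*
Plugin Name: Block Long Queries (added example)
Description: Rejects requests whose query string is longer than a fixed limit before WordPress or bbPress processes them.
*/

// 255 bytes is the threshold the post discusses; raise it only if a plugin you
// rely on legitimately builds longer GET requests (constant name is an assumption).
if ( ! defined( 'BLQ_MAX_QUERY_LENGTH' ) ) {
    define( 'BLQ_MAX_QUERY_LENGTH', 255 );
}

/**
 * Decide whether a raw query string exceeds the limit.
 * strlen() counts bytes, which is the right unit for a size cap: a percent-
 * encoded payload is measured exactly as it was sent on the wire.
 */
function blq_query_too_long( $query_string, $limit = BLQ_MAX_QUERY_LENGTH ) {
    return strlen( (string) $query_string ) > $limit;
}

/**
 * Reject the current request with a 414 if its query string is too long.
 * Nothing from the request is echoed back, so the rejection page cannot
 * itself become a reflection point; only the byte count and the client
 * address go to the server error log for later review.
 */
function blq_block_long_query() {
    $qs = isset( $_SERVER['QUERY_STRING'] ) ? $_SERVER['QUERY_STRING'] : '';
    if ( ! blq_query_too_long( $qs ) ) {
        return;
    }
    $client = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log( sprintf( 'block_long_queries: rejected %d-byte query string from %s', strlen( $qs ), $client ) );
    if ( ! headers_sent() ) {
        $proto = isset( $_SERVER['SERVER_PROTOCOL'] ) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0';
        header( $proto . ' 414 Request-URI Too Long' );
        header( 'Content-Type: text/plain; charset=utf-8' );
    }
    echo 'Request rejected: query string too long.';
    exit;
}

blq_block_long_query();
```

Before enabling it, grep your access logs for legitimate requests with query strings over the limit (some admin screens and search plugins build long ones) so the cap does not break your own site.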

(updated March 13, 2011 to a more efficient/sensitive version)

7 responses

  6. updated March 13, 2011 to a more efficient/sensitive version

    recommended to upgrade if you are using the original version

    March 13, 2011 at 9:28 am

