Are you looking for a way to block common exploits? While there’s probably a plugin for this, we have created a quick code snippet that you can use to block common exploits in WordPress.
Instructions:
All you have to do is add this code to your theme’s .HTACCESS file or in a site-specific plugin:
RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ ///.*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\=?(http|ftp|ssl|https):/.*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\?.*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(asp|ini|dll).*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(htpasswd|htaccess|aahtpasswd).*\ HTTP/ [NC]
RewriteRule .* - [F,NS,L]
Note: If this is your first time adding code snippets in WordPress, then please refer to our guide on how to properly add code snippets in WordPress, so you don’t accidentally break your site.
If you liked this code snippet, please consider checking out our other articles on the site like: 11 best WordPress quiz plugins and how to create stunning WordPress optin forms.
Can you please elaborate more. What type of exploits, we can block. How can we block a specific exploit, about which know.
Please tell me.
Thanks
This snippet does a range of things, including denies POST request with wrong content type and denies requests that dont contain a HTTP HOST Header also specific file types from being viewed. etc, If you are not familiar with htaccess make sure you backup your original file first.