A nice .htaccess protection mechanism
There are several WP hacks that attempt to exploit some plugin or add-on. They usually try to run the plugin with the exploit and then gain access to another file up the server directory structure via parameters. Using something like:
&view=../../../../../../../../../../etc/passwd
We wrote this little nugget to help stop this.
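# Block attempts with ../../ and other QS args
RewriteEngine On
RewriteCond %{QUERY_STRING} \.\./ [OR]
# Last condition carries no [OR]; matching requests get 403 Forbidden
RewriteCond %{QUERY_STRING} (https?|ftp)(\:|\%3A)
RewriteRule ^ - [F]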
Please feel free to use it in your sites.
Another nice security trick, if you have a reseller account or your own server, is to save your important config file with root or your main reseller account.
That way, if someone does hack a plugin or your WP site, they will not be able to overwrite your .htaccess or other important files. Sure, this is more work for you, but you hardly ever edit these files.
I hope this helps,
Kevin
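
A coverage check for the rule above, added as an example and not part of Kevin's post: it runs the post's two patterns over constructed query strings, first as mod_rewrite sees %{QUERY_STRING} (raw, still percent-encoded) and then after decoding. The function names, sample strings and hostnames are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# The two RewriteCond patterns from the post, joined by [OR].
# mod_rewrite tests them against the raw, still percent-encoded query string.
CONDITIONS = [re.compile(r"\.\./"), re.compile(r"(https?|ftp)(\:|\%3A)")]

def blocked_raw(query_string):
    """True if either condition matches the query string exactly as sent."""
    return any(c.search(query_string) for c in CONDITIONS)

def fully_decode(query_string, max_rounds=5):
    """Percent-decode repeatedly so nested encodings are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(query_string)
        if decoded == query_string:
            break
        query_string = decoded
    return query_string

def blocked_normalised(query_string):
    """Stricter check: decode first and treat backslashes as path separators."""
    qs = fully_decode(query_string).replace("\\", "/")
    return any(c.search(qs) for c in CONDITIONS)

# Constructed sample query strings (hypothetical, not taken from real traffic).
SAMPLES = {
    "traversal_plain": "page=1&view=../../../../etc/passwd",
    "traversal_encoded": "view=%2e%2e%2f%2e%2e%2fetc%2fpasswd",
    "remote_url": "file=http://files.example/x.txt",
    "wp_login_redirect": "redirect_to=https%3A%2F%2Fblog.example%2Fwp-admin%2F",
    "ordinary": "s=htaccess+tips&paged=2",
}

def report():
    """Map each sample name to (blocked by raw rule, blocked after decoding)."""
    return {n: (blocked_raw(q), blocked_normalised(q)) for n, q in SAMPLES.items()}

if __name__ == "__main__":
    for name, (raw, norm) in report().items():
        print(f"{name:20} raw={raw!s:5} normalised={norm}")
```

The traversal_encoded row is a request the raw rule lets through, and the wp_login_redirect row is a legitimate request the second condition rejects, so test the rule against your own login and redirect flows before deploying it.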