Prevent script injection

For protect your WordPress blog from script injection, and unwanted code of _REQUEST and /or GLOBALS. I found this code on wprecipes. Simple copy and paste the code below to your .htaccess in the root which helps is script injection.

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

Leave a Reply

Your email address will not be published. Required fields are marked *

19 − 14 =