• Soccerwidow

    (@soccerwidow)


    I found the following code snippet on various websites, all of them recommending inserting it into the .htaccess to ensure that WordPress is more secure.

    # protect from sql injection
    Options +FollowSymLinks
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteRule ^(.*)$ index.php [F,L]

    I’m not a programmer, but somehow “RewriteEngine On” suggests to me that this code may allow other scripts to rewrite data in my blog instead of preventing…

    Could somebody please confirm that this code is “clean”?

  • The topic ‘WordPress .htaccess – prevent script injection’ is closed to new replies.
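
What the snippet in the post does, as an added example that is not part of the original post: the Python below re-implements its three RewriteCond patterns to show which query strings the rule refuses. `RewriteEngine On` only switches on rule processing and the `[F]` flag answers with 403 Forbidden, so nothing in the snippet writes data; the function name and the sample query strings are constructed for illustration.

```python
import re

# The three RewriteCond patterns from the post. Apache tests them against the
# raw (still percent-encoded) query string as an unanchored search. [NC] makes
# only the first pattern case-insensitive; [OR] means one match is enough.
CONDITIONS = [
    re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE),
    re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})"),
    re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})"),
]


def decide(query_string):
    """Return '403 Forbidden' if any condition matches (the [F] flag),
    otherwise 'pass' (the request goes on to WordPress unchanged)."""
    for cond in CONDITIONS:
        if cond.search(query_string):
            return "403 Forbidden"
    return "pass"


# Constructed sample query strings (hypothetical, not taken from real logs).
SAMPLES = [
    "p=123",                                # ordinary post request
    "s=script+writing+tips",                # the word alone, no angle brackets
    "s=%3CSCRIPT%3Ex%3C/SCRIPT%3E",         # encoded script tag, any case
    "GLOBALS[a]=1",                         # attempt to set a PHP superglobal
    "x=1&_REQUEST=2",                       # same idea via _REQUEST
    "s=%3Cb%3Edescription%3C%2Fb%3E",       # false positive: "deSCRIPTion"
]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(f"{decide(qs):14} {qs}")
```

The last sample shows the rule's cost: any query string that has "script" anywhere between an opening and a closing angle bracket is refused, including harmless words such as "description".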