WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
URL Parameters ending in = (1 post)

  1. George Lerner
    Member
    Posted 6 months ago #

    Better WP Security, with blocking bad URL phrases enabled, blocks parameters ending in an equal sign (=).

    Better WP Security has a line like this

    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]

    I removed |=$, which blocks parameters ending with equals, like

    /wp-admin/plugins.php?deactivate=true&plugin_status=all&paged=1&s=

    That comes from a link like

    /wp-admin/plugins.php?action=activate&plugin=types%2Fwpcf.php&plugin_status=all&paged=1&s&_wpnonce=e7f30a0090

    or like

    /wp-admin/plugins.php?action=deactivate&plugin=types%2Fwpcf.php&plugin_status=all&paged=1&s&_wpnonce=ae1c567616

    Suggestion to all plugin writers: specify &s=1 instead of &s (parameters should always have a value).

    https://wordpress.org/plugins/better-wp-security/

Reply

You must log in to post.

About this Plugin

About this Topic

  • RSS feed for this topic
  • Started 6 months ago by George Lerner
  • This topic is not resolved
  • WordPress version: 3.8.1