Protect WordPress Against Malicious URL Requests

In early September, many WordPress sites were infected with Malicious codes. We wrote a quick fix for that issue which you can see in this post, but recently Jeff Starr from Perishable Press has come with a solution to protect WordPress from future attacks as well.

Simply open a new php file and paste the following codes:



Plugin Name: Block Bad Queries

Plugin URI:

Description: Protect WordPress Against Malicious URL Requests

Author URI:

Author: Perishable Press

Version: 1.0


global $user_ID; if($user_ID) {

if(!current_user_can( level_10 )) {

if (strlen($_SERVER[ REQUEST_URI ]) > 255 ||

strpos($_SERVER[ REQUEST_URI ],  eval( ) ||

strpos($_SERVER[ REQUEST_URI ],  CONCAT ) ||


strpos($_SERVER[ REQUEST_URI ],  base64 )) {

@header( HTTP/1.1 414 Request-URI Too Long );

@header( Status: 414 Request-URI Too Long );

@header( Connection: Close );




} ?>

Codes updated on Jan. 10, 2010.

Save this file and upload it in your plugin directory /wp-content/plugins/ and your work is done. This script will check for long strings as well as base64 code which was in the last attack and the eval( code which could be a threat in the future.

Once active, this plugin will silently and effectively close any connections for these sorts of injection-type attacks.

Source: Perishable Press

Leave a Reply

Your email address will not be published. Required fields are marked *