WordPress Code Snippets

A fresh mix of code snippets and tutorials

Whitelist POST access with .htaccess


Here is how to whitelist POST requests for a specific file. For example, you can protect chat, forum, and other heavily targeted scripts from malicious activity.

Using my plugin Simple Ajax Chat as an example, the main chat script simple-ajax-chat.php is well-secured, but it’s possible to go further. Consider the following slice of .htaccess:

When added to your site’s root .htaccess file, this technique ensures that POST requests for the specified file are allowed only if coming from your site, or if using a blank/empty user agent.

To protect a different file or files, just change simple-ajax-chat.php to whatever is required. Also don’t forget to change the domain name (currently http://wp-mix.com) to match your own.
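A rule set that implements the behaviour described above, written here as an added example (it is not the original snippet from this post). It assumes mod_rewrite is enabled and the rules go in the site's root .htaccess; the regex anchoring and the `https?` match are choices made for this example.

```apache
# Added example: rules reconstructed from the behaviour described in this post.
# Assumes mod_rewrite is available and this is the site's root .htaccess.
<IfModule mod_rewrite.c>
	RewriteEngine On

	# Only POST requests are filtered; GET and other methods pass through.
	RewriteCond %{REQUEST_METHOD} ^POST$

	# Only the protected script is affected. (/|$) also covers requests that
	# append path info after the file name. Change the file name to protect
	# something else, or use alternation, e.g. /(file-one|file-two)\.php(/|$)
	RewriteCond %{REQUEST_URI} /simple-ajax-chat\.php(/|$) [NC]

	# The Referer is NOT this site. The trailing (/|$) keeps look-alike hosts
	# such as wp-mix.com.example.net from matching. Change the domain to your own.
	RewriteCond %{HTTP_REFERER} !^https?://wp-mix\.com(/|$) [NC]

	# ...and the User-Agent is NOT blank (blank user agents stay allowed).
	RewriteCond %{HTTP_USER_AGENT} !^$

	# All four conditions matched: answer 403 Forbidden.
	RewriteRule ^ - [F]
</IfModule>
```

Referer and User-Agent are supplied by the client, so these rules filter unsophisticated automated POSTs and do not replace the script's own input validation.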
