WP-Mix

A fresh mix of code snippets and tutorials

Block XSS with .htaccess

Quick snippet today that you can add to your .htaccess file to block some common XSS (cross-site scripting) attacks.

To protect against script injections and attempts to modify PHP’s global and request variables, add the following code to your site’s root .htaccess file:

<IfModule mod_rewrite.c>
	RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
	RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
	RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
	RewriteRule .* index.php [F,L]
</IfModule>

Remember to backup and test thoroughly.

Learn more

.htaccess made easy

WordPress Resources

[ Blackhole Pro: Trap and Block Bad Bots ] [ Banhammer Pro: Hammer the Enemy ] [ Digging Into WordPress ] [ WordPress Themes In Depth ] [ GA Pro: WordPress + Google Analytics ] [ SAC Pro: WordPress Chat Plugin ]

Subscribe to WP-Mix

Project Demos

Popular Posts

Recent Posts

Random Posts

RSS Feed

Grab the RSS Feed ›

1532 readers
Feed Statistics
About the Author

Jeff Starr is a professional developer, designer, author, and publisher with over 15 years of experience. He writes books and tutorials, develops plugins, and runs his own business.

About the Site

WP-Mix is where I share code snippets, tricks, and tips. WP-Mix was launched in October 2012, and now features 414 posts. You can check out the latest post published on Aug 29, 2024. Learn more ›

Contact

A few ways to connect:

© 2012–2024 Monzilla Media shapeSpace Sitemap Feed Privacy Made in the USA