In general, chat scripts are huge targets for malicious activity. My chat plugin, Simple Ajax Chat is no exception, and includes strong security measures to protect against attack. Aimed at the free version of SAC, this quick tutorial shows a simple Apache/.htaccess technique to further strengthen plugin security.
Whitelist SAC files
Even with SAC’s strong security in place, it’s possible to take it a step further and really lock things down by “whitelisting” the plugin files. Doing so ensures that only legit requests for existing files will be met with 200 success, while all 404 and other bad requests are quietly denied access.
To implement the whitelist for SAC, add the following slice of .htaccess to the root .htaccess file of your website:
<FilesMatch "^(?:msg\.mp3|sac\.(?:css|php)|sac-logo\.png|simple-ajax-chat-core\.php)$"> Order Allow,Deny Allow from all </FilesMatch>
Note that this script is for SAC version 20160408 and better. For older versions, change
Also note, Apache 2.x or better is required for this to work. If in doubt, ask your host. Make sure to test thoroughly on your site before going live with this security technique.