WP-Mix

A fresh mix of code snippets and tutorials

Simple Ajax Chat .htaccess whitelist

In general, chat scripts are huge targets for malicious activity. My chat plugin, Simple Ajax Chat is no exception, and includes strong security measures to protect against attack. Aimed at the free version of SAC, this quick tutorial shows a simple Apache/.htaccess technique to further strengthen plugin security.


Whitelist SAC files

Even with SAC’s strong security in place, it’s possible to take it a step further and really lock things down by “whitelisting” the plugin files. Doing so ensures that only legitimate requests for the plugin’s existing files are answered with a 200 success response, while requests for anything else in the plugin directory, including the 404s and other bad requests that probing scripts generate, are quietly denied access.

To implement the whitelist for SAC, add the following slice of .htaccess to the root .htaccess file of your website:

<FilesMatch "^(?:msg\.mp3|sac\.(?:css|php)|sac-logo\.png|simple-ajax-chat-core\.php)$">
	Order Allow,Deny
	Allow from all
</FilesMatch>

Note that this snippet is for SAC version 20160408 and later. For older versions, change simple-ajax-chat-core\.php to simple-ajax-chat\.php.

Also note that Apache 2.x or later is required for this to work. If in doubt, ask your host. Make sure to test thoroughly on your site before going live with this security technique.
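The FilesMatch block above names the files that should be served; for the whitelist to refuse everything else under the plugin directory, the deny side has to be stated explicitly as well. The following root .htaccess block is an added example, not code from the original post or from the SAC plugin: it uses mod_rewrite to return 403 Forbidden for any request under the plugin directory that is not one of the whitelisted files. It assumes the default plugin path /wp-content/plugins/simple-ajax-chat/ (an assumption; adjust the path if your install differs) and reuses the same file list as the snippet above.

```apache
# Added example (not from the original post or the SAC plugin).
# Assumes the plugin lives at the default WordPress path
# /wp-content/plugins/simple-ajax-chat/ and that this block sits
# in the site's root .htaccess file.
<IfModule mod_rewrite.c>
	RewriteEngine On

	# Match any request whose path is inside the plugin directory ...
	RewriteCond %{REQUEST_URI} ^/wp-content/plugins/simple-ajax-chat/

	# ... unless it is exactly one of the files the chat actually serves
	# (older SAC versions: replace simple-ajax-chat-core\.php with simple-ajax-chat\.php).
	RewriteCond %{REQUEST_URI} !^/wp-content/plugins/simple-ajax-chat/(?:msg\.mp3|sac\.(?:css|php)|sac-logo\.png|simple-ajax-chat-core\.php)$

	# Everything else under that directory gets 403 instead of 200 or 404.
	# The F flag sends Forbidden and implies L (stop processing rules).
	RewriteRule .* - [F,L]
</IfModule>
```

mod_rewrite is used here instead of Order/Allow/Deny so the rule behaves the same on Apache 2.2 and 2.4 regardless of whether mod_access_compat is loaded. To verify it after deployment, request one whitelisted file such as sac.css (expect 200) and one nonexistent file under the plugin directory (expect 403 rather than 404). If the plugin directory ever contains its own .htaccess with RewriteEngine On, the root rules will not apply there unless that file also sets RewriteOptions Inherit.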
