Whitelist POST access with .htaccess
Here is how to whitelist POST requests for a specific file. For example, you can protect chat, forum, and other heavily targeted scripts from malicious activity.
Using my plugin Simple Ajax Chat as an example, the main chat script simple-ajax-chat-core.php is well-secured, but it’s possible to go further. Consider the following slice of .htaccess:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} simple-ajax-chat-core.php
RewriteCond %{HTTP_REFERER} !^https://wp-mix.com [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* - [F,L]
</IfModule>
When added to your site’s root .htaccess file, this technique ensures that POST requests for the specified file are allowed only if they come from your site (the Referer begins with your domain); POST requests that arrive with a foreign or missing Referer, or with a blank/empty user agent, are denied with a 403. It’s the same technique that’s used to block no-referrer requests for WordPress.
Note that this script is for SAC version 20160408 and better. For older versions, change simple-ajax-chat-core.php to simple-ajax-chat.php.
Tip: to use this technique to protect a different file, just change the simple-ajax-chat-core.php to the name of your file. Also don’t forget to change the domain name (currently https://wp-mix.com) to match your own.