Whitelist POST access with .htaccess


Here is how to whitelist POST requests for a specific file. For example, you can protect chat, forum, and other heavily targeted scripts from malicious activity.

Using my plugin Simple Ajax Chat as an example, the main chat script simple-ajax-chat.php is well-secured, but it’s possible to go further. Consider the following slice of .htaccess:

When added to your site’s root .htaccess file, this technique ensures that POST requests for the specified file are allowed only if coming from your site, or if using a blank/empty user agent.

To protect a different file or files, change simple-ajax-chat.php to whatever is required. Also, don’t forget to change the domain name (currently https://wp-mix.com) to match your own.
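A rule set that behaves as described above, reconstructed from the post's description as an added example; it is not the author's original snippet. The file name and domain are the ones the post names, and the anchored referrer pattern is an assumption of this example.

```apache
# Added example: whitelist POST requests to one script (not the author's original snippet).
<IfModule mod_rewrite.c>
	RewriteEngine On

	# Only POST requests are examined; GET and other methods pass through untouched.
	RewriteCond %{REQUEST_METHOD} ^POST$
	# Only requests for the protected script (change the file name as needed).
	RewriteCond %{REQUEST_URI} /simple-ajax-chat\.php$ [NC]
	# The request was not sent from this site. Assumption of this example: the
	# host is anchored with (/|$) so a longer host name that merely begins with
	# the same characters is not treated as this site.
	RewriteCond %{HTTP_REFERER} !^https://wp-mix\.com(/|$) [NC]
	# ...and the user agent is not blank (blank user agents stay allowed).
	RewriteCond %{HTTP_USER_AGENT} !^$
	# The four conditions are ANDed: whatever matches all of them gets 403 Forbidden.
	RewriteRule .* - [F,L]
</IfModule>
```

Both the Referer and User-Agent headers are supplied by the client, so this filters automated POSTs that arrive without the expected headers and works alongside the script's own input validation.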

