Secure URL Attacks

Noticed in our logs that a lot of the websites we operate are often targeted by Internet users that attempt to execute malicious scripts by hoping they can include an external page, we script to prevent this. But as an extra line of defense we use the following code in wp-config.php:

if (strpos($_SERVER['REQUEST_URI'] , "http://")){
exit;
}

If someone should try to include an external URL this stops them in their tracks, simple.

.html on PAGES plugin .html Wordpress permalink on PAGES plugin
Correct Title Case Correct Wordpress Title Case Function
Remove view all posts Strip 'view all posts filed under' from Cat Menu
Secure URL Attacks Help Secure Wordpress From URL Include Attacks
Develop Our Wordpress website development service
Projects Information on a small selection of our projects
Tips Some tips and ideas we would like to share
Wordpress Plugins and Functions for Wordpress Developers

3 Comments

Kishore Mylavarapu on the 10th of February 2011

Nice trick.Thank you.

Jackie on the 8th of November 2010

Works well

Leave a comment




Name and email address required, website must be related
08445 008 009