Skip to content

Instantly share code, notes, and snippets.

@ethanliew

ethanliew/.htaccess - Prevent Script Injection

Forked from unix7/.htaccess - Prevent Script Injection
Created February 5, 2018 03:45
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ethanliew/c85258536ce5b326660f004a7cde06d8 to your computer and use it in GitHub Desktop.
Save ethanliew/c85258536ce5b326660f004a7cde06d8 to your computer and use it in GitHub Desktop.
Download ZIP
.htaccess - Prevent Script Injection
Raw
.htaccess - Prevent Script Injection
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
//Source: http://wp.smashingmagazine.com/2010/07/01/10-useful-wordpress-security-tweaks/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment