Skip to content

Instantly share code, notes, and snippets.

@unix7

unix7/.htaccess - Prevent Script Injection

Created February 3, 2012 23:50
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
  • Save unix7/1733822 to your computer and use it in GitHub Desktop.
Save unix7/1733822 to your computer and use it in GitHub Desktop.
Download ZIP
.htaccess - Prevent Script Injection
Raw
.htaccess - Prevent Script Injection
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
//Source: http://wp.smashingmagazine.com/2010/07/01/10-useful-wordpress-security-tweaks/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment