How to use PHP code to prevent malicious URL requests on a WordPress site

Learn how to protect WordPress sites from malicious URL requests. This article explains how to use a short code snippet to protect WordPress sites from malicious URL requests.

Protecting your WordPress site from malicious URL requests

Always perform a backup before you make any changes to the theme files. If you break any codes, it will be easier to revert your site to its last good known state. Alternatively, you could also create a child theme. Read this link on how to create a child theme: https://www.a2hosting.com/blog/wordpress-child-theme/  

Follow the steps below to edit your Theme setting file to protect WordPress site from malicious URL requests:

  1. Log in to your WordPress site with an administrator account.
  2. On the Dashboard in the left sidebar, click Appearance, and then click Theme Editor:

  3.  

  4. On the Theme Editor , select the Theme you want to edit from the dropdown:

  5.  

  6. The files for this selected theme are listed on the right column under Theme Files. Click on the file named “functions.php”:

  7.  

  8. Insert the following code to the end of functions.php file and click Update File Button to save the changes:

    global $user_ID; if($user_ID) {
    
        if(!current_user_can('administrator')) {
    
            if (strlen($_SERVER['REQUEST_URI']) > 255 ||
    
                stripos($_SERVER['REQUEST_URI'], "eval(") ||
    
                stripos($_SERVER['REQUEST_URI'], "CONCAT") ||
    
                stripos($_SERVER['REQUEST_URI'], "UNION+SELECT") ||
    
                stripos($_SERVER['REQUEST_URI'], "base64")) {
    
                    @header("HTTP/1.1 414 Request-URI Too Long");
    
                    @header("Status: 414 Request-URI Too Long");
    
                    @header("Connection: Close");
    
                    @exit;
    
            }
    
        }
    
    }
  9.  

Get Managed WordPress Hosting

Article Details

Other Articles in This Category

Show More

Related Articles

Show More

Did you find this article helpful? Then you'll love our support. Experience the A2 Hosting difference today and get a pre-secured, pre-optimized website. Check out our web hosting plans today.

We use cookies to personalize the website for you and to analyze the use of our website. You consent to this by clicking on "I consent" or by continuing your use of this website. Further information about cookies can be found in our Privacy Policy.