Bad guys are out there spamming, scraping, and hacking. If that wasn’t enough, “bots” have automated a lot of the evil processes. Yikes!!! If you are new to WordPress, or haven’t done this yet (What are you thinking?), get a security plugin for your site NOW!!! If you don’t, it’s only a matter of time before you are hacked.
In my last blog, I wrote about bots trying to carry out a pingback exploit on my WordPress site (you can read more about it here). Still trying to “harden” my WordPress site, I found an htaccess Blacklist that adds an extra measure of security. If your site runs on Apache, and you are familiar with .htaccess, the htaccess Blacklist will help protect your site against evil exploits, bad requests, and other bad guy crap.
According to the htaccess Blacklist’s author:
“The 5G Blacklist is a simple, flexible blacklist that checks all URI requests against a series of carefully constructed HTAccess directives. This happens quietly behind the scenes at the server level, saving resources for stuff like PHP and MySQL for all blocked requests.
Blacklists can block just about any part of a request: IP, user agent, request string, query string, referrer, and everything in between. But IP addresses change constantly, and user agents and referrers are easily spoofed. As discussed, request strings yield the best results: greater protection with fewer false positives.
The 5G works beautifully with WordPress, and should help any site conserve bandwidth and server resources while protecting against malicious activity.”
You can find the htaccess Blacklist here. Copy and paste the entire htaccess Blacklist into your root .htaccess file on your site. Don’t forget to back up your original .htaccess file before pasting the blacklist. There is also an addendum to the blacklist that you can find here. In both instances, be sure to follow the author’s instructions exactly.
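The backup-then-paste step above as a small shell helper. This is an added example, not code from the blacklist's author; the file names, the marker comments and the choice to put the blacklist at the top of the file are assumptions, so follow the author's placement instructions if they differ.

```shell
#!/bin/sh
# Added example: paste a downloaded blacklist into .htaccess, keeping a backup.
# The marker strings and file names are hypothetical, chosen for this example.
BEGIN_MARK="# BEGIN pasted blacklist"
END_MARK="# END pasted blacklist"

# install_blacklist HTACCESS BLACKLIST_FILE
# Prints the backup path on success. On any error the live file is untouched.
install_blacklist() {
    htaccess=$1
    blacklist=$2
    [ -f "$htaccess" ] || { echo "missing $htaccess" >&2; return 1; }
    [ -s "$blacklist" ] || { echo "missing or empty $blacklist" >&2; return 1; }

    # Refuse to paste the same block twice.
    if grep -qF "$BEGIN_MARK" "$htaccess"; then
        echo "blacklist already present in $htaccess" >&2
        return 2
    fi

    # Back up the original first, preserving mode and timestamps.
    backup="$htaccess.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$htaccess" "$backup" || return 1

    # Build the new file off to the side: blacklist first, original rules after.
    tmp="$htaccess.tmp.$$"
    {
        printf '%s\n' "$BEGIN_MARK"
        cat "$blacklist"
        printf '%s\n\n' "$END_MARK"
        cat "$backup"
    } > "$tmp" || { rm -f "$tmp"; return 1; }

    # Overwrite in place so the live file keeps its owner and permissions.
    cat "$tmp" > "$htaccess" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    echo "$backup"
}

# restore_htaccess HTACCESS BACKUP
# Puts the original file back, e.g. if the site starts returning 500 errors.
restore_htaccess() {
    [ -f "$2" ] || { echo "missing backup $2" >&2; return 1; }
    cat "$2" > "$1"
}
```

Run `install_blacklist /path/to/.htaccess blacklist.txt`, load a few pages of the site, and if anything breaks run `restore_htaccess` with the backup path the first command printed.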
Sources:
5G Blacklist 2013 | Perishable Press
2014 Micro Blacklist | Perishable Press