How to block script injections on WordPress?

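Add the following rules to your .htaccess file to prevent hackers from using the PHP GLOBALS and _REQUEST variables to inject malicious scripts into your website and gain access to your WordPress admin area. The rules inspect only the URL query string, so data sent in a POST body is not checked. Apache answers any matching request with 403 Forbidden.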

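# BEGIN Protect Against Script Injections

Options +FollowSymLinks
RewriteEngine On
# Reject a <script> tag in the query string, literal or percent-encoded (case-insensitive)
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Reject attempts to set the PHP GLOBALS array through the query string
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|%[0-9A-Z]{0,2}) [OR]
# Reject attempts to set the PHP _REQUEST array through the query string
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|%[0-9A-Z]{0,2})
# [F] answers 403 Forbidden; [L] stops further rewrite processing
RewriteRule ^(.*)$ index.php [F,L]

# END Protect Against Script Injections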
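
To check what these rules reject before deploying them, the three conditions can be replayed offline against sample query strings. This is an added example, not part of the original article: it approximates Apache's matching with Python's re module, and the function names and sample query strings are constructed for illustration.

```python
import re

# The three RewriteCond patterns from the rules above.
# [NC] on the first condition maps to re.IGNORECASE; the other two
# conditions have no [NC] flag and are therefore case-sensitive.
CONDITIONS = [
    ("script tag", re.compile(r"(<|%3C).*script.*(>|%3E)", re.IGNORECASE)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|%[0-9A-Z]{0,2})")),
]


def blocked_by(query_string):
    """Return the name of the first matching condition, or None.

    The conditions are chained with [OR], so a single match is enough for
    the RewriteRule to answer 403. Apache tests the raw, still
    percent-encoded query string, so no URL decoding is done here.
    """
    for name, pattern in CONDITIONS:
        if pattern.search(query_string):
            return name
    return None


# Constructed sample query strings (not taken from real traffic).
SAMPLES = [
    "p=42&preview=true",             # ordinary WordPress request
    "s=%3Cscript%3Ex%3C/script%3E",  # percent-encoded script tag
    "s=<SCRIPT>x</SCRIPT>",          # literal tag, upper case
    "GLOBALS[foo]=1",                # array-style GLOBALS parameter
    "_REQUEST%5Bfoo%5D=1",           # same idea with an encoded bracket
    "s=_REQUEST%20variable",         # legitimate search, also rejected
    "s=_REQUEST+variable",           # same search, '+' for the space
    "s=javascript+tutorial",         # contains "script" but no brackets
]


def report(samples=SAMPLES):
    """Map each sample query string to the condition that rejects it."""
    return {qs: blocked_by(qs) for qs in samples}


if __name__ == "__main__":
    for qs, hit in report().items():
        print(f"{'403' if hit else 'ok':4} {qs}" + (f"  ({hit})" if hit else ""))
```

The `s=_REQUEST%20variable` sample shows that an ordinary search for that text is rejected as well, so review the access log for unexpected 403 responses after enabling the rules.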