
10 more tricks to protect Wordpress



Today Wordpress is more popular than ever. Blogs, mini-sites and even entire portals are built on this convenient, modular engine. But behind the convenience and ease of development lie, above all, questions about the security of your site: the more widespread the platform, the more attention it gets from attackers.



This article describes ten simple tricks that will make your Wordpress site even more secure and let you sleep better at night.



1. Protecting Wordpress from XSS Injection



What is the problem?

Programmers always try to validate GET and POST requests, but sometimes that is not enough. You also need to protect your blog from XSS injections and from attempts to overwrite the GLOBALS and _REQUEST variables through the query string.

What are we doing?

The rules below block XSS injections and attempts to modify GLOBALS and _REQUEST. Paste them into the .htaccess file in the root of the site (and do not forget to back that file up before changing it).

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]




How it works?

The rules inspect the query string of every request. If it contains a script tag (raw or percent-encoded, in any letter case) or an attempt to set GLOBALS or _REQUEST, the request is refused with a 403 Forbidden response; that is what the [F] flag on the RewriteRule does.
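To see which requests these conditions actually catch, here is an added Python check (not part of the original article) that applies the same three regular expressions to the query string of a URL, the way mod_rewrite would, and reports the resulting status. The sample URLs are constructed and blog.example is a placeholder host.

```python
import re
from urllib.parse import urlsplit

# The three RewriteCond patterns from the .htaccess rules above, unchanged.
# Apache tests them against the raw, still percent-encoded query string; only
# the first carries [NC], so only it is case-insensitive.
RULES = [
    ("script tag",        re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS override",  re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST override", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]


def check_query_string(query: str):
    """(status, reason): 403 with the name of the first matching condition
    (the conditions are chained with [OR]), otherwise (200, None)."""
    for name, pattern in RULES:
        if pattern.search(query):
            return 403, name
    return 200, None


def check_url(url: str):
    """Apply the conditions to the query string of a full URL, as Apache would."""
    return check_query_string(urlsplit(url).query)


# Constructed sample requests; blog.example is a placeholder host.
SAMPLES = [
    "https://blog.example/?s=wordpress+security",                 # ordinary search
    "https://blog.example/?p=12&preview=true",                    # ordinary
    "https://blog.example/?s=%3Cscript%3Ealert(1)%3C/script%3E",  # encoded <script>
    "https://blog.example/?s=<SCRIPT>x</SCRIPT>",                 # raw, upper case: [NC] still catches it
    "https://blog.example/?GLOBALS[admin]=1",                     # register_globals-style override
    "https://blog.example/?_REQUEST%5Buser%5D=1",                 # encoded _REQUEST[
    "https://blog.example/?q=javascript:alert(1)",                # no angle brackets: not covered
    "https://blog.example/?s=%3Cdescription%3E",                  # false positive: "script" inside "description"
]

if __name__ == "__main__":
    for url in SAMPLES:
        status, reason = check_url(url)
        print(f"{status}  {reason or '-':<18}  {url}")
```

The last two samples show the limits of the rule: a payload without angle brackets passes, while a harmless search for the literal text "<description>" is refused because the pattern has no word boundaries around "script".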



2. Hide login error messages

What is the problem?

When a login attempt fails, Wordpress says which part was wrong: an unknown username, or a wrong password for a username that exists. For an attacker that is a hint: it confirms which account names are real, leaving only the password to guess.

What are we doing?

Add to the functions.php file of your theme (wp-content/themes/<your theme>/):

// A closure is used here; create_function(), which older guides used for this, was removed in PHP 8.
add_filter('login_errors', function ($error) { return null; });

After that you can still log in as before, but a failed attempt shows no explanatory message.

How it works?

Every error message destined for the login form passes through the login_errors filter. The callback attached here discards the text and returns null, so nothing is printed, whichever part of the credentials was wrong.



3. Use SSL for the admin area

What is the problem?

Without SSL, your login and password travel to the server in the clear and can be intercepted, and so can every admin session afterwards. Wordpress can be told to require SSL for the admin area.

What are we doing?

First make sure your hosting supports SSL (the site needs a certificate and an HTTPS virtual host). Then add to wp-config.php (in the root of the site), above the line /* That's all, stop editing! */:

define('FORCE_SSL_ADMIN', true);

How it works?

It is simple. With FORCE_SSL_ADMIN set, Wordpress serves the login page and the whole admin area only over HTTPS and redirects plain-HTTP requests there. If the server has no working SSL configuration you will lock yourself out of the admin area, so check that first.



4. Protect wp-config with .htaccess

What is the problem?

wp-config.php contains, among other things, the login and password for your MySQL database. Nobody from outside should be able to read it.

What are we doing?

Add to the .htaccess file in the root of the site:

<files wp-config.php>
order allow,deny
deny from all
</files>

How it works?

Apache refuses every HTTP request for the file, so it cannot be fetched from outside even if PHP processing of the site breaks and the file would otherwise be served as text. PHP still reads it from disk as usual. The block uses Apache 2.2 syntax; on Apache 2.4 the equivalent inside the same <files> block is Require all denied.



5. Hide the Wordpress version

What is the problem?

Wordpress writes its version number into the head of every page, in the generator meta tag. If you run an older release with a known vulnerability, that tag tells an attacker exactly which one. Why give it away? Hide it.

What are we doing?

Add to the functions.php file of your theme (wp-content/themes/<your theme>/) the line

remove_action('wp_head', 'wp_generator');

How it works?

The wp_generator function, hooked to wp_head, is what prints the tag; removing the hook drops it from the page. The version is also written into the generator element of the site's feeds, which this line does not touch.

+ rOOse adds: delete readme.html from the site root as well, since it also states the Wordpress version.



6. Ban unwanted visitors

What is the problem?

Sometimes a particular visitor has to be kept out: a spammer, a bot, someone probing the site. The simplest tool is a ban by IP address.

What are we doing?

Add to .htaccess, replacing the placeholder 123.456.789 with the address you want to block (it is not a real address; a real one has four numbers from 0 to 255):

<Limit GET POST PUT>
order allow,deny
allow from all
deny from 123.456.789
</Limit>

How it works?

Apache reads the .htaccess file and refuses the listed methods from the listed address. Want to ban another visitor? Add another line inside the block:

deny from 93.121.788

Note that <Limit> restricts only the methods it names, here GET, POST and PUT; a request using any other method, such as HEAD, is not covered. To apply the ban to every method, put the order/allow/deny lines outside the <Limit> block.



7. Block malicious URL requests

What is the problem?

Many attacks arrive as specially crafted URLs: overly long query strings, SQL fragments, or calls to eval and base64 hidden in the request. Wordpress itself does not filter these, so a plugin has to.

What are we doing?

Create the file blockbadqueries.php in wp-content/plugins with the following contents and activate the plugin in the admin panel.

<?php
/*
Plugin Name: Block Bad Queries
Plugin URI: perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests
Description: Protect WordPress Against Malicious URL Requests
Author URI: perishablepress.com
Author: Perishable Press
Version: 1.0
*/
global $user_ID;
// The check runs only for logged-in users who are not administrators (level_10);
// this version of the plugin does not inspect anonymous requests.
if ($user_ID) {
    if (!current_user_can('level_10')) {
        $uri = $_SERVER['REQUEST_URI'];
        // strpos() returns 0 for a match at offset 0, so compare with !== false.
        if (strlen($uri) > 255
            || strpos($uri, 'eval(') !== false
            || strpos($uri, 'CONCAT') !== false
            || strpos($uri, 'UNION+SELECT') !== false
            || strpos($uri, 'base64') !== false) {
            @header('HTTP/1.1 414 Request-URI Too Long');
            @header('Status: 414 Request-URI Too Long');
            @header('Connection: Close');
            @exit;
        }
    }
}
?>

How it works?

The plugin looks at the request URI: if it is longer than 255 characters, or contains the PHP functions eval or base64, or the SQL fragments CONCAT or UNION+SELECT, the request is refused with status 414 Request-URI Too Long and the connection is closed. The matching is case-sensitive and looks at the URI exactly as received, so a percent-encoded variant of the same payload passes unnoticed; and, as written, so does any request from a visitor who is not logged in.
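As an added example (not from the article or from the Perishable Press plugin), the following Python script applies the plugin's criteria to constructed Apache access-log lines, counts offending requests per client address, and renders a deny block in the form used in trick 6. It generalizes the plugin's test a little: the URI is percent-decoded and compared case-insensitively, so UNION%20SELECT and union+select count too. The addresses come from documentation ranges and the ban threshold is an assumed value.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

# Apache "combined" log format: client IP first, request line in quotes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Criteria from blockbadqueries.php, applied to the decoded, lower-cased URI.
MAX_URI_LEN = 255
NEEDLES = ("eval(", "concat", "union select", "base64")


def is_bad_uri(uri: str) -> bool:
    """True if the plugin's rules would reject this request URI.  Unlike the
    plugin's raw strpos() test, '+' and percent-encoding are normalised first."""
    if len(uri) > MAX_URI_LEN:
        return True
    decoded = unquote(uri.replace("+", " ")).lower()
    return any(needle in decoded for needle in NEEDLES)


def parse_line(line: str):
    """(ip, uri, status) for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), m.group("uri"), int(m.group("status"))


def offending_ips(lines, threshold=2):
    """Clients with at least `threshold` bad requests, most active first, as
    (ip, count) pairs.  The threshold (assumed value) keeps a single false
    positive, such as somebody searching for the word CONCAT, from earning a ban."""
    hits = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed and is_bad_uri(parsed[1]):
            hits[parsed[0]] += 1
    return [(ip, n) for ip, n in hits.most_common() if n >= threshold]


def is_valid_ip(ip: str) -> bool:
    """True for a syntactically valid IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(ip)
        return True
    except ValueError:
        return False


def deny_block(ips):
    """Render the <Limit> block from trick 6 for the given addresses.  A
    malformed address such as the article's placeholder 123.456.789 raises
    instead of producing a line Apache would reject."""
    bad = [ip for ip in ips if not is_valid_ip(ip)]
    if bad:
        raise ValueError(f"not valid IP addresses: {bad}")
    lines = ["<Limit GET POST PUT>", "order allow,deny", "allow from all"]
    lines += [f"deny from {ip}" for ip in ips]
    lines.append("</Limit>")
    return "\n".join(lines)


# Constructed sample log (documentation address ranges, not real traffic).
_TS = "[10/Oct/2010:13:55:36 +0400]"
SAMPLE_LOG = [
    f'203.0.113.7 - - {_TS} "GET /?p=42 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - {_TS} "GET /wp-content/uploads/logo.png HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    f'198.51.100.23 - - {_TS} "GET /?id=1+UNION+SELECT+1,2,3 HTTP/1.1" 200 5123 "-" "Mozilla/4.0"',
    f'198.51.100.23 - - {_TS} "GET /?id=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 5123 "-" "Mozilla/4.0"',
    f'198.51.100.23 - - {_TS} "GET /?cmd=eval(base64_decode(%27AAAA%27)) HTTP/1.1" 200 5123 "-" "Mozilla/4.0"',
    f'198.51.100.23 - - {_TS} "GET /{"a" * 300} HTTP/1.1" 404 0 "-" "Mozilla/4.0"',
    f'192.0.2.99 - - {_TS} "GET /?s=CONCAT HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    offenders = offending_ips(SAMPLE_LOG)
    for ip, n in offenders:
        print(f"{ip}: {n} bad requests")
    print(deny_block([ip for ip, _ in offenders]))
```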



8. Stop hotlinking!

What is the problem?

Hotlinking is when another site embeds your images directly from your server instead of hosting its own copies: their visitors see the picture on their page, and your server pays for the traffic. It goes by several names: hotlinking, aka inline linking, aka «bandwidth theft».

What are we doing?

Apache can check where a request for an image came from. Add to .htaccess, replacing mysite.ru with your own domain:

RewriteEngine On
# the Referer is not mysite.ru or one of its subdomains (over http or https)...
RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?mysite\.ru/ [NC]
# ...and is not empty (direct visits and browsers that hide the referer are let through)...
RewriteCond %{HTTP_REFERER} !^$
# ...and the request is not for the placeholder itself, or the rule would rewrite its own result
RewriteCond %{REQUEST_URI} !/images/nohotlink\.jpg$
# then serve /images/nohotlink.jpg (a picture with a message of your choice) instead of the image
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]

How it works?

The Referer header names the page from which the image was requested. If that page is on someone else's site, the server substitutes the placeholder picture; requests with an empty referer are not touched, so that direct visits and browsers that strip the referer still get the real images. The pattern allows both http:// and https:// for your own domain; with only http:// in it, a site served over HTTPS would block its own pages.
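Added example, not from the article: a Python model of the rewrite conditions that says which file Apache would serve for a given image path and Referer, including the case that an http://-only whitelist gets wrong for a site served over HTTPS. mysite.ru is the article's placeholder domain and evil.example stands in for a hotlinking site.

```python
import re

# Referer whitelist from the rewrite conditions above.  SITE_HTTP_ONLY accepts
# only http:// referers; SITE_ANY_SCHEME also accepts https://.
SITE_HTTP_ONLY = re.compile(r"^http://(.+\.)?mysite\.ru/", re.IGNORECASE)   # [NC]
SITE_ANY_SCHEME = re.compile(r"^https?://(.+\.)?mysite\.ru/", re.IGNORECASE)
IMAGE_RE = re.compile(r".*\.(jpe?g|gif|bmp|png)$")
PLACEHOLDER = "/images/nohotlink.jpg"


def resolve(path: str, referer: str, site=SITE_ANY_SCHEME) -> str:
    """Path Apache ends up serving for a request under the rule set.  The
    RewriteRule fires only when every RewriteCond holds, i.e. when the referer
    is NOT ours, NOT empty, and the request is not for the placeholder."""
    if not IMAGE_RE.match(path):      # RewriteRule pattern: images only
        return path
    if referer == "":                 # !^$ : empty referer is allowed
        return path
    if site.match(referer):           # !^https?://(.+\.)?mysite\.ru/ : our own pages
        return path
    if path == PLACEHOLDER:           # do not rewrite the placeholder onto itself
        return path
    return PLACEHOLDER


# Constructed requests: (path, Referer header).
CASES = [
    ("/wp-content/uploads/photo.jpg", "http://mysite.ru/2010/10/post/"),
    ("/wp-content/uploads/photo.jpg", "http://blog.mysite.ru/"),             # subdomain
    ("/wp-content/uploads/photo.jpg", ""),                                   # direct visit
    ("/wp-content/uploads/photo.jpg", "http://evil.example/gallery"),        # hotlink
    ("/wp-content/uploads/photo.jpg", "http://mysite.ru.evil.example/"),     # look-alike host
    ("/style.css", "http://evil.example/"),                                  # not an image
    ("/wp-content/uploads/photo.jpg", "https://mysite.ru/2010/10/post/"),    # our site over HTTPS
]

if __name__ == "__main__":
    for path, referer in CASES:
        original = resolve(path, referer, SITE_HTTP_ONLY)
        fixed = resolve(path, referer)
        print(f"{referer or '(no referer)':36} http-only: {original:24} https?: {fixed}")
```

The look-alike host is rejected because the pattern demands a slash right after mysite.ru, and the HTTPS case shows why the whitelist must name both schemes.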



9. Rename the administrator (do not use «admin»)!

What is the problem?

Every attacker knows that the default administrator account is called «admin». That leaves only the password to guess: half of the work is already done for them.

Since Wordpress 3.0 the administrator's name can be chosen during installation. If your blog was installed earlier, rename the account yourself.

What are we doing?

Run the following SQL query against the blog's database (if you chose a different table prefix at installation, adjust wp_ accordingly):

UPDATE wp_users SET user_login = '<new login>' WHERE user_login = 'Admin';

How it works?

An SQL query is the most direct way to change data in the Wordpress tables. The renamed account keeps its numeric ID (wp_users.ID), which is what wp_posts.post_author stores, so the posts written by «admin» stay attached to it. If instead you created a new account and want to move admin's posts to it, reassign them by ID, not by login name:

UPDATE wp_posts SET post_author = <new user ID> WHERE post_author = <old admin ID>;



10. Disable directory listing

What is the problem?

By default, a request for a directory that has no index file, for example www.<your site>.ru/wp-includes, returns a listing of its contents. That shows anyone who looks the structure of the site and the plugins and themes installed.

What are we doing?

You could drop an empty index.html into every directory, but that is tedious and easy to forget for new directories. Instead, add to .htaccess:

Options All -Indexes

How it works?

Without an index.html (or another index file) Apache would generate the listing itself; -Indexes turns that off for the whole site, so such a request is answered with a 403 instead. One line in .htaccess replaces all the index.html files.
GLOBALS _REQUEST , 403- .



2.

?

Wordpress'a , . , , – ? .



?

functions.php , ( wp-content/themes/--/ ) :



add_filter('login_errors',create_function('$a', "return null;"));



. – .



?

login_errors() . , , , , — , .



3. SSL

?

, , SSL—, . Wordpress'e .



?

, SSL. , wp-config.php ( ) :



define('FORCE_SSL_ADMIN', true);



?

. Wordpress FORCE_SSL_ADMIN . SSL .



4. .htaccess wp-config

?

wp-config.php , MySQL . – .



?

.htaccess :



<files wp-config.php>

order allow,deny

deny from all

</files>



?

. .



5. Wordpress'a

?

Wordpress . , . , Wordpress'a , - . ? , .



?

functions.php , ( wp-content/themes/--/ ) -





remove_action('wp_head', 'wp_generator');



?

Wordpress'a . – .



+ rOOse , readme.html, . Wordpress'a.



6.



?

. – IP. , -, , .



?

.htaccess . 123.456.789 IP , — .



<Limit GET POST PUT>

order allow,deny

allow from all

deny from 123.456.789

</LIMIT>




?

apache. .htaccess e IP. -? , -



deny from 93.121.788



7. url-



?

. Wordpress , .



?

blockbadqueries.php wp-content/plugins . .



<?php

/*

Plugin Name: Block Bad Queries

Plugin URI: perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests

Description: Protect WordPress Against Malicious URL Requests

Author URI: perishablepress.com

Author: Perishable Press

Version: 1.0

*/

global $user_ID;

if($user_ID) { if(!current_user_can('level_10')) { if (strlen($_SERVER['REQUEST_URI']) > 255 || strpos($_SERVER['REQUEST_URI'], "eval(") || strpos($_SERVER['REQUEST_URI'], "CONCAT") || strpos($_SERVER['REQUEST_URI'], "UNION+SELECT") || strpos($_SERVER['REQUEST_URI'], "base64")) { @header("HTTP/1.1 414 Request-URI Too Long"); @header("Status: 414 Request-URI Too Long"); @header("Connection: Close"); @exit; } } } ?>




?

– ( 255 ) php- eval base64 URI. - , 414.



8. !

?

, , . , , «». , - , - -! --… , aka , aka « ».



?

apache . .htaccess :



RewriteEngine On

# ?mysite\.ru/

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.ru/ [NC]

RewriteCond %{HTTP_REFERER} !^$

# /images/nohotlink.jpg « …»

RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]




?

— , . «» — - .



9. . ( «admin»)!



?

, . — « admin ».



, Wordpress 3.0 , . .



?

:



UPDATE wp_users SET user_login = ' ' WHERE user_login = 'Admin';



?

sql- . , «». , admin ' . admin 'a , :



UPDATE wp_posts SET post_author = ' ' WHERE post_author = 'admin';



10.

?

. , www..ru/wp-includes , . , .



?

index.html , . .htaccess :



Options All -Indexes



?

index.html , . .htaccess .

GLOBALS _REQUEST , 403- .



2.

?

Wordpress'a , . , , – ? .



?

functions.php , ( wp-content/themes/--/ ) :



add_filter('login_errors',create_function('$a', "return null;"));



. – .



?

login_errors() . , , , , — , .



3. SSL

?

, , SSL—, . Wordpress'e .



?

, SSL. , wp-config.php ( ) :



define('FORCE_SSL_ADMIN', true);



?

. Wordpress FORCE_SSL_ADMIN . SSL .



4. .htaccess wp-config

?

wp-config.php , MySQL . – .



?

.htaccess :



<files wp-config.php>

order allow,deny

deny from all

</files>



?

. .



5. Wordpress'a

?

Wordpress . , . , Wordpress'a , - . ? , .



?

functions.php , ( wp-content/themes/--/ ) -





remove_action('wp_head', 'wp_generator');



?

Wordpress'a . – .



+ rOOse , readme.html, . Wordpress'a.



6.



?

. – IP. , -, , .



?

.htaccess . 123.456.789 IP , — .



<Limit GET POST PUT>

order allow,deny

allow from all

deny from 123.456.789

</LIMIT>




?

apache. .htaccess e IP. -? , -



deny from 93.121.788



7. url-



?

. Wordpress , .



?

blockbadqueries.php wp-content/plugins . .



<?php

/*

Plugin Name: Block Bad Queries

Plugin URI: perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests

Description: Protect WordPress Against Malicious URL Requests

Author URI: perishablepress.com

Author: Perishable Press

Version: 1.0

*/

global $user_ID;

if($user_ID) { if(!current_user_can('level_10')) { if (strlen($_SERVER['REQUEST_URI']) > 255 || strpos($_SERVER['REQUEST_URI'], "eval(") || strpos($_SERVER['REQUEST_URI'], "CONCAT") || strpos($_SERVER['REQUEST_URI'], "UNION+SELECT") || strpos($_SERVER['REQUEST_URI'], "base64")) { @header("HTTP/1.1 414 Request-URI Too Long"); @header("Status: 414 Request-URI Too Long"); @header("Connection: Close"); @exit; } } } ?>




?

– ( 255 ) php- eval base64 URI. - , 414.



8. !

?

, , . , , «». , - , - -! --… , aka , aka « ».



?

apache . .htaccess :



RewriteEngine On

# ?mysite\.ru/

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.ru/ [NC]

RewriteCond %{HTTP_REFERER} !^$

# /images/nohotlink.jpg « …»

RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]




?

— , . «» — - .



9. . ( «admin»)!



?

, . — « admin ».



, Wordpress 3.0 , . .



?

:



UPDATE wp_users SET user_login = ' ' WHERE user_login = 'Admin';



?

sql- . , «». , admin ' . admin 'a , :



UPDATE wp_posts SET post_author = ' ' WHERE post_author = 'admin';



10.

?

. , www..ru/wp-includes , . , .



?

index.html , . .htaccess :



Options All -Indexes



?

index.html , . .htaccess .

GLOBALS _REQUEST , 403- .



2.

?

Wordpress'a , . , , – ? .



?

functions.php , ( wp-content/themes/--/ ) :



add_filter('login_errors',create_function('$a', "return null;"));



. – .



?

login_errors() . , , , , — , .



3. SSL

?

, , SSL—, . Wordpress'e .



?

, SSL. , wp-config.php ( ) :



define('FORCE_SSL_ADMIN', true);



?

. Wordpress FORCE_SSL_ADMIN . SSL .



4. .htaccess wp-config

?

wp-config.php , MySQL . – .



?

.htaccess :



<files wp-config.php>

order allow,deny

deny from all

</files>



?

. .



5. Wordpress'a

?

Wordpress . , . , Wordpress'a , - . ? , .



?

functions.php , ( wp-content/themes/--/ ) -





remove_action('wp_head', 'wp_generator');



?

Wordpress'a . – .



+ rOOse , readme.html, . Wordpress'a.



6.



?

. – IP. , -, , .



?

.htaccess . 123.456.789 IP , — .



<Limit GET POST PUT>

order allow,deny

allow from all

deny from 123.456.789

</LIMIT>




?

apache. .htaccess e IP. -? , -



deny from 93.121.788



7. url-



?

. Wordpress , .



?

blockbadqueries.php wp-content/plugins . .



<?php

/*

Plugin Name: Block Bad Queries

Plugin URI: perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests

Description: Protect WordPress Against Malicious URL Requests

Author URI: perishablepress.com

Author: Perishable Press

Version: 1.0

*/

global $user_ID;

if($user_ID) { if(!current_user_can('level_10')) { if (strlen($_SERVER['REQUEST_URI']) > 255 || strpos($_SERVER['REQUEST_URI'], "eval(") || strpos($_SERVER['REQUEST_URI'], "CONCAT") || strpos($_SERVER['REQUEST_URI'], "UNION+SELECT") || strpos($_SERVER['REQUEST_URI'], "base64")) { @header("HTTP/1.1 414 Request-URI Too Long"); @header("Status: 414 Request-URI Too Long"); @header("Connection: Close"); @exit; } } } ?>




?

– ( 255 ) php- eval base64 URI. - , 414.



8. !

?

, , . , , «». , - , - -! --… , aka , aka « ».



?

apache . .htaccess :



RewriteEngine On

# ?mysite\.ru/

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.ru/ [NC]

RewriteCond %{HTTP_REFERER} !^$

# /images/nohotlink.jpg « …»

RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]




?

— , . «» — - .



9. . ( «admin»)!



?

, . — « admin ».



, Wordpress 3.0 , . .



?

:



UPDATE wp_users SET user_login = ' ' WHERE user_login = 'Admin';



?

sql- . , «». , admin ' . admin 'a , :



UPDATE wp_posts SET post_author = ' ' WHERE post_author = 'admin';



10.

?

. , www..ru/wp-includes , . , .



?

index.html , . .htaccess :



Options All -Indexes



?

index.html , . .htaccess .

GLOBALS _REQUEST , 403- .



2.

?

Wordpress'a , . , , – ? .



?

functions.php , ( wp-content/themes/--/ ) :



add_filter('login_errors',create_function('$a', "return null;"));



. – .



?

login_errors() . , , , , — , .



3. SSL

?

, , SSL—, . Wordpress'e .



?

, SSL. , wp-config.php ( ) :



define('FORCE_SSL_ADMIN', true);



?

. Wordpress FORCE_SSL_ADMIN . SSL .



4. .htaccess wp-config

?

wp-config.php , MySQL . – .



?

.htaccess :



<files wp-config.php>

order allow,deny

deny from all

</files>



?

. .



5. Wordpress'a

?

Wordpress . , . , Wordpress'a , - . ? , .



?

functions.php , ( wp-content/themes/--/ ) -





remove_action('wp_head', 'wp_generator');



?

Wordpress'a . – .



+ rOOse , readme.html, . Wordpress'a.



6.



?

. – IP. , -, , .



?

.htaccess . 123.456.789 IP , — .



<Limit GET POST PUT>

order allow,deny

allow from all

deny from 123.456.789

</LIMIT>




?

apache. .htaccess e IP. -? , -



deny from 93.121.788



7. url-



?

. Wordpress , .



?

blockbadqueries.php wp-content/plugins . .



<?php

/*

Plugin Name: Block Bad Queries

Plugin URI: perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests

Description: Protect WordPress Against Malicious URL Requests

Author URI: perishablepress.com

Author: Perishable Press

Version: 1.0

*/

global $user_ID;

if($user_ID) { if(!current_user_can('level_10')) { if (strlen($_SERVER['REQUEST_URI']) > 255 || strpos($_SERVER['REQUEST_URI'], "eval(") || strpos($_SERVER['REQUEST_URI'], "CONCAT") || strpos($_SERVER['REQUEST_URI'], "UNION+SELECT") || strpos($_SERVER['REQUEST_URI'], "base64")) { @header("HTTP/1.1 414 Request-URI Too Long"); @header("Status: 414 Request-URI Too Long"); @header("Connection: Close"); @exit; } } } ?>




?

– ( 255 ) php- eval base64 URI. - , 414.



8. !

?

, , . , , «». , - , - -! --… , aka , aka « ».



?

apache . .htaccess :



RewriteEngine On

# ?mysite\.ru/

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.ru/ [NC]

RewriteCond %{HTTP_REFERER} !^$

# /images/nohotlink.jpg « …»

RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]




?

— , . «» — - .



9. . ( «admin»)!



?

, . — « admin ».



, Wordpress 3.0 , . .



?

:



UPDATE wp_users SET user_login = ' ' WHERE user_login = 'Admin';



?

sql- . , «». , admin ' . admin 'a , :



UPDATE wp_posts SET post_author = ' ' WHERE post_author = 'admin';



10.

?

. , www..ru/wp-includes , . , .



?

index.html , . .htaccess :



Options All -Indexes



?

index.html , . .htaccess .

GLOBALS _REQUEST , 403- .



2.

?

Wordpress'a , . , , – ? .



?

functions.php , ( wp-content/themes/--/ ) :



add_filter('login_errors',create_function('$a', "return null;"));



. – .



?

login_errors() . , , , , — , .



3. SSL

?

, , SSL—, . Wordpress'e .



?

, SSL. , wp-config.php ( ) :



define('FORCE_SSL_ADMIN', true);



?

. Wordpress FORCE_SSL_ADMIN . SSL .



4. .htaccess wp-config

?

wp-config.php , MySQL . – .



?

.htaccess :



<files wp-config.php>

order allow,deny

deny from all

</files>



?

. .



5. Wordpress'a

?

Wordpress . , . , Wordpress'a , - . ? , .



?

functions.php , ( wp-content/themes/--/ ) -





remove_action('wp_head', 'wp_generator');



?

Wordpress'a . – .



+ rOOse , readme.html, . Wordpress'a.



6.



?

. – IP. , -, , .



?

.htaccess . 123.456.789 IP , — .



<Limit GET POST PUT>

order allow,deny

allow from all

deny from 123.456.789

</LIMIT>




?

apache. .htaccess e IP. -? , -



deny from 93.121.788



7. url-



?

. Wordpress , .



?

blockbadqueries.php wp-content/plugins . .



<?php

/*

Plugin Name: Block Bad Queries

Plugin URI: perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests

Description: Protect WordPress Against Malicious URL Requests

Author URI: perishablepress.com

Author: Perishable Press

Version: 1.0

*/

global $user_ID;

if($user_ID) { if(!current_user_can('level_10')) { if (strlen($_SERVER['REQUEST_URI']) > 255 || strpos($_SERVER['REQUEST_URI'], "eval(") || strpos($_SERVER['REQUEST_URI'], "CONCAT") || strpos($_SERVER['REQUEST_URI'], "UNION+SELECT") || strpos($_SERVER['REQUEST_URI'], "base64")) { @header("HTTP/1.1 414 Request-URI Too Long"); @header("Status: 414 Request-URI Too Long"); @header("Connection: Close"); @exit; } } } ?>




?

– ( 255 ) php- eval base64 URI. - , 414.



8. !

?

, , . , , «». , - , - -! --… , aka , aka « ».



?

apache . .htaccess :



RewriteEngine On

# ?mysite\.ru/

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.ru/ [NC]

RewriteCond %{HTTP_REFERER} !^$

# /images/nohotlink.jpg « …»

RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]




?

— , . «» — - .



9. . ( «admin»)!



?

, . — « admin ».



, Wordpress 3.0 , . .



?

:



UPDATE wp_users SET user_login = ' ' WHERE user_login = 'Admin';



?

sql- . , «». , admin ' . admin 'a , :



UPDATE wp_posts SET post_author = ' ' WHERE post_author = 'admin';



10.

?

. , www..ru/wp-includes , . , .



?

index.html , . .htaccess :



Options All -Indexes



?

index.html , . .htaccess .

GLOBALS _REQUEST , 403- .



2.

?

Wordpress'a , . , , – ? .



?

functions.php , ( wp-content/themes/--/ ) :



add_filter('login_errors',create_function('$a', "return null;"));



. – .



?

login_errors() . , , , , — , .



3. SSL

?

, , SSL—, . Wordpress'e .



?

, SSL. , wp-config.php ( ) :



define('FORCE_SSL_ADMIN', true);



?

. Wordpress FORCE_SSL_ADMIN . SSL .



4. .htaccess wp-config

?

wp-config.php , MySQL . – .



?

.htaccess :



<files wp-config.php>

order allow,deny

deny from all

</files>



?

. .



5. Wordpress'a

?

Wordpress . , . , Wordpress'a , - . ? , .



?

functions.php , ( wp-content/themes/--/ ) -





remove_action('wp_head', 'wp_generator');



?

Wordpress'a . – .



+ rOOse , readme.html, . Wordpress'a.



6.



?

. – IP. , -, , .



?

.htaccess . 123.456.789 IP , — .



<Limit GET POST PUT>

order allow,deny

allow from all

deny from 123.456.789

</LIMIT>




?

apache. .htaccess e IP. -? , -



deny from 93.121.788



7. url-



?

. Wordpress , .



?

blockbadqueries.php wp-content/plugins . .



<?php

/*

Plugin Name: Block Bad Queries

Plugin URI: perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests

Description: Protect WordPress Against Malicious URL Requests

Author URI: perishablepress.com

Author: Perishable Press

Version: 1.0

*/

global $user_ID;

if($user_ID) { if(!current_user_can('level_10')) { if (strlen($_SERVER['REQUEST_URI']) > 255 || strpos($_SERVER['REQUEST_URI'], "eval(") || strpos($_SERVER['REQUEST_URI'], "CONCAT") || strpos($_SERVER['REQUEST_URI'], "UNION+SELECT") || strpos($_SERVER['REQUEST_URI'], "base64")) { @header("HTTP/1.1 414 Request-URI Too Long"); @header("Status: 414 Request-URI Too Long"); @header("Connection: Close"); @exit; } } } ?>




?

– ( 255 ) php- eval base64 URI. - , 414.



8. !

?

, , . , , «». , - , - -! --… , aka , aka « ».



?

apache . .htaccess :



RewriteEngine On

# ?mysite\.ru/

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.ru/ [NC]

RewriteCond %{HTTP_REFERER} !^$

# /images/nohotlink.jpg « …»

RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]




?

— , . «» — - .



9. . ( «admin»)!



?

, . — « admin ».



, Wordpress 3.0 , . .



?

:



UPDATE wp_users SET user_login = ' ' WHERE user_login = 'Admin';



?

sql- . , «». , admin ' . admin 'a , :



UPDATE wp_posts SET post_author = ' ' WHERE post_author = 'admin';



10.

?

. , www..ru/wp-includes , . , .



?

index.html , . .htaccess :



Options All -Indexes



?

index.html , . .htaccess .

GLOBALS _REQUEST , 403- .



2.

?

Wordpress'a , . , , – ? .



?

functions.php , ( wp-content/themes/--/ ) :



add_filter('login_errors',create_function('$a', "return null;"));



. – .



?

login_errors() . , , , , — , .



3. SSL

?

, , SSL—, . Wordpress'e .



?

, SSL. , wp-config.php ( ) :



define('FORCE_SSL_ADMIN', true);



?

. Wordpress FORCE_SSL_ADMIN . SSL .



4. .htaccess wp-config

?

wp-config.php , MySQL . – .



?

.htaccess :



<files wp-config.php>

order allow,deny

deny from all

</files>



?

. .



5. Wordpress'a

?

Wordpress . , . , Wordpress'a , - . ? , .



?

functions.php , ( wp-content/themes/--/ ) -





remove_action('wp_head', 'wp_generator');



?

Wordpress'a . – .



+ rOOse , readme.html, . Wordpress'a.



6.



?

. – IP. , -, , .



?

.htaccess . 123.456.789 IP , — .



<Limit GET POST PUT>

order allow,deny

allow from all

deny from 123.456.789

</LIMIT>




?

apache. .htaccess e IP. -? , -



deny from 93.121.788



7. url-



?

. Wordpress , .



?

blockbadqueries.php wp-content/plugins . .



<?php

/*

Plugin Name: Block Bad Queries

Plugin URI: perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests

Description: Protect WordPress Against Malicious URL Requests

Author URI: perishablepress.com

Author: Perishable Press

Version: 1.0

*/

global $user_ID;

if($user_ID) { if(!current_user_can('level_10')) { if (strlen($_SERVER['REQUEST_URI']) > 255 || strpos($_SERVER['REQUEST_URI'], "eval(") || strpos($_SERVER['REQUEST_URI'], "CONCAT") || strpos($_SERVER['REQUEST_URI'], "UNION+SELECT") || strpos($_SERVER['REQUEST_URI'], "base64")) { @header("HTTP/1.1 414 Request-URI Too Long"); @header("Status: 414 Request-URI Too Long"); @header("Connection: Close"); @exit; } } } ?>




?

– ( 255 ) php- eval base64 URI. - , 414.



8. !

?

, , . , , «». , - , - -! --… , aka , aka « ».



?

apache . .htaccess :



RewriteEngine On

# ?mysite\.ru/

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.ru/ [NC]

RewriteCond %{HTTP_REFERER} !^$

# /images/nohotlink.jpg « …»

RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]




?

— , . «» — - .



9. . ( «admin»)!



?

, . — « admin ».



, Wordpress 3.0 , . .



?

:



UPDATE wp_users SET user_login = ' ' WHERE user_login = 'Admin';



?

sql- . , «». , admin ' . admin 'a , :



UPDATE wp_posts SET post_author = ' ' WHERE post_author = 'admin';



10.

?

. , www..ru/wp-includes , . , .



?

index.html , . .htaccess :



Options All -Indexes



?

index.html , . .htaccess .

GLOBALS _REQUEST , 403- .



2.

?

Wordpress'a , . , , – ? .



?

functions.php , ( wp-content/themes/--/ ) :



add_filter('login_errors',create_function('$a', "return null;"));



. – .



?

login_errors() . , , , , — , .



3. SSL

?

, , SSL—, . Wordpress'e .



?

, SSL. , wp-config.php ( ) :



define('FORCE_SSL_ADMIN', true);



?

. Wordpress FORCE_SSL_ADMIN . SSL .



4. .htaccess wp-config

?

wp-config.php , MySQL . – .



?

.htaccess :



<files wp-config.php>

order allow,deny

deny from all

</files>



?

. .



5. Wordpress'a

?

Wordpress . , . , Wordpress'a , - . ? , .



?

functions.php , ( wp-content/themes/--/ ) -





remove_action('wp_head', 'wp_generator');



?

Wordpress'a . – .



+ rOOse , readme.html, . Wordpress'a.



6.



?

. – IP. , -, , .



?

.htaccess . 123.456.789 IP , — .



<Limit GET POST PUT>

order allow,deny

allow from all

deny from 123.456.789

</LIMIT>




?

apache. .htaccess e IP. -? , -



deny from 93.121.788



7. url-



?

. Wordpress , .



?

blockbadqueries.php wp-content/plugins . .



<?php

/*

Plugin Name: Block Bad Queries

Plugin URI: perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests

Description: Protect WordPress Against Malicious URL Requests

Author URI: perishablepress.com

Author: Perishable Press

Version: 1.0

*/

global $user_ID;

if($user_ID) { if(!current_user_can('level_10')) { if (strlen($_SERVER['REQUEST_URI']) > 255 || strpos($_SERVER['REQUEST_URI'], "eval(") || strpos($_SERVER['REQUEST_URI'], "CONCAT") || strpos($_SERVER['REQUEST_URI'], "UNION+SELECT") || strpos($_SERVER['REQUEST_URI'], "base64")) { @header("HTTP/1.1 414 Request-URI Too Long"); @header("Status: 414 Request-URI Too Long"); @header("Connection: Close"); @exit; } } } ?>




?

– ( 255 ) php- eval base64 URI. - , 414.



8. !

?

, , . , , «». , - , - -! --… , aka , aka « ».



?

apache . .htaccess :



RewriteEngine On

# ?mysite\.ru/

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.ru/ [NC]

RewriteCond %{HTTP_REFERER} !^$

# /images/nohotlink.jpg « …»

RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]




?

— , . «» — - .



9. . ( «admin»)!



?

, . — « admin ».



, Wordpress 3.0 , . .



?

:



UPDATE wp_users SET user_login = ' ' WHERE user_login = 'Admin';



?

sql- . , «». , admin ' . admin 'a , :



UPDATE wp_posts SET post_author = ' ' WHERE post_author = 'admin';



10.

?

. , www..ru/wp-includes , . , .



?

index.html , . .htaccess :



Options All -Indexes



?

index.html , . .htaccess .

GLOBALS _REQUEST , 403- .



2.

?

Wordpress'a , . , , – ? .



?

functions.php , ( wp-content/themes/--/ ) :



add_filter('login_errors',create_function('$a', "return null;"));



. – .



?

login_errors() . , , , , — , .



3. SSL

?

, , SSL—, . Wordpress'e .



?

, SSL. , wp-config.php ( ) :



define('FORCE_SSL_ADMIN', true);



?

. Wordpress FORCE_SSL_ADMIN . SSL .



4. .htaccess wp-config

?

wp-config.php , MySQL . – .



?

.htaccess :



<files wp-config.php>

order allow,deny

deny from all

</files>



?

. .



5. Wordpress'a

?

Wordpress . , . , Wordpress'a , - . ? , .



?

functions.php , ( wp-content/themes/--/ ) -





remove_action('wp_head', 'wp_generator');



?

Wordpress'a . – .



+ rOOse , readme.html, . Wordpress'a.



6.



?

. – IP. , -, , .



?

.htaccess . 123.456.789 IP , — .



<Limit GET POST PUT>

order allow,deny

allow from all

deny from 123.456.789

</LIMIT>




?

apache. .htaccess e IP. -? , -



deny from 93.121.788



7. url-



?

. Wordpress , .



?

blockbadqueries.php wp-content/plugins . .



<?php

/*

Plugin Name: Block Bad Queries

Plugin URI: perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests

Description: Protect WordPress Against Malicious URL Requests

Author URI: perishablepress.com

Author: Perishable Press

Version: 1.0

*/

global $user_ID;

if($user_ID) { if(!current_user_can('level_10')) { if (strlen($_SERVER['REQUEST_URI']) > 255 || strpos($_SERVER['REQUEST_URI'], "eval(") || strpos($_SERVER['REQUEST_URI'], "CONCAT") || strpos($_SERVER['REQUEST_URI'], "UNION+SELECT") || strpos($_SERVER['REQUEST_URI'], "base64")) { @header("HTTP/1.1 414 Request-URI Too Long"); @header("Status: 414 Request-URI Too Long"); @header("Connection: Close"); @exit; } } } ?>




?

– ( 255 ) php- eval base64 URI. - , 414.



8. !

?

, , . , , «». , - , - -! --… , aka , aka « ».



?

apache . .htaccess :



RewriteEngine On

# ?mysite\.ru/

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.ru/ [NC]

RewriteCond %{HTTP_REFERER} !^$

# /images/nohotlink.jpg « …»

RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]




?

— , . «» — - .



9. . ( «admin»)!



?

, . — « admin ».



, Wordpress 3.0 , . .



?

:



UPDATE wp_users SET user_login = ' ' WHERE user_login = 'Admin';



?

sql- . , «». , admin ' . admin 'a , :



UPDATE wp_posts SET post_author = ' ' WHERE post_author = 'admin';



10.

?

. , www..ru/wp-includes , . , .



?

index.html , . .htaccess :



Options All -Indexes



?

index.html , . .htaccess .

GLOBALS _REQUEST , 403- .



2.

?

Wordpress'a , . , , – ? .



?

functions.php , ( wp-content/themes/--/ ) :



add_filter('login_errors',create_function('$a', "return null;"));



. – .



?

login_errors() . , , , , — , .



3. SSL

?

, , SSL—, . Wordpress'e .



?

, SSL. , wp-config.php ( ) :



define('FORCE_SSL_ADMIN', true);



?

. Wordpress FORCE_SSL_ADMIN . SSL .



4. .htaccess wp-config

?

wp-config.php , MySQL . – .



?

.htaccess :



<files wp-config.php>

order allow,deny

deny from all

</files>



?

. .



5. Wordpress'a

?

Wordpress . , . , Wordpress'a , - . ? , .



?

functions.php , ( wp-content/themes/--/ ) -





remove_action('wp_head', 'wp_generator');



?

Wordpress'a . – .



+ rOOse , readme.html, . Wordpress'a.



6.



?

. – IP. , -, , .



?

.htaccess . 123.456.789 IP , — .



<Limit GET POST PUT>

order allow,deny

allow from all

deny from 123.456.789

</LIMIT>




?

apache. .htaccess e IP. -? , -



deny from 93.121.788



7. url-



?

. Wordpress , .



?

blockbadqueries.php wp-content/plugins . .



<?php

/*

Plugin Name: Block Bad Queries

Plugin URI: perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests

Description: Protect WordPress Against Malicious URL Requests

Author URI: perishablepress.com

Author: Perishable Press

Version: 1.0

*/

global $user_ID;

if($user_ID) { if(!current_user_can('level_10')) { if (strlen($_SERVER['REQUEST_URI']) > 255 || strpos($_SERVER['REQUEST_URI'], "eval(") || strpos($_SERVER['REQUEST_URI'], "CONCAT") || strpos($_SERVER['REQUEST_URI'], "UNION+SELECT") || strpos($_SERVER['REQUEST_URI'], "base64")) { @header("HTTP/1.1 414 Request-URI Too Long"); @header("Status: 414 Request-URI Too Long"); @header("Connection: Close"); @exit; } } } ?>




?

– ( 255 ) php- eval base64 URI. - , 414.



8. !

?

, , . , , «». , - , - -! --… , aka , aka « ».



?

apache . .htaccess :



RewriteEngine On

# ?mysite\.ru/

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.ru/ [NC]

RewriteCond %{HTTP_REFERER} !^$

# /images/nohotlink.jpg « …»

RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]




?

— , . «» — - .



9. . ( «admin»)!



?

, . — « admin ».



, Wordpress 3.0 , . .



?

:



UPDATE wp_users SET user_login = ' ' WHERE user_login = 'Admin';



?

sql- . , «». , admin ' . admin 'a , :



UPDATE wp_posts SET post_author = ' ' WHERE post_author = 'admin';



10.

?

. , www..ru/wp-includes , . , .



?

index.html , . .htaccess :



Options All -Indexes



?

index.html , . .htaccess .

GLOBALS _REQUEST , 403- .



2.

?

Wordpress'a , . , , – ? .



?

functions.php , ( wp-content/themes/--/ ) :



add_filter('login_errors',create_function('$a', "return null;"));



. – .



?

login_errors() . , , , , — , .



3. SSL

?

, , SSL—, . Wordpress'e .



?

, SSL. , wp-config.php ( ) :



define('FORCE_SSL_ADMIN', true);



?

. Wordpress FORCE_SSL_ADMIN . SSL .



4. .htaccess wp-config

?

wp-config.php , MySQL . – .



?

.htaccess :



<files wp-config.php>

order allow,deny

deny from all

</files>



?

. .



5. Wordpress'a

?

Wordpress . , . , Wordpress'a , - . ? , .



?

functions.php , ( wp-content/themes/--/ ) -





remove_action('wp_head', 'wp_generator');



?

Wordpress'a . – .



+ rOOse , readme.html, . Wordpress'a.



6.



?

. – IP. , -, , .



?

.htaccess . 123.456.789 IP , — .



<Limit GET POST PUT>

order allow,deny

allow from all

deny from 123.456.789

</LIMIT>




?

apache. .htaccess e IP. -? , -



deny from 93.121.788



7. url-



?

. Wordpress , .



?

blockbadqueries.php wp-content/plugins . .



<?php

/*

Plugin Name: Block Bad Queries

Plugin URI: perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests

Description: Protect WordPress Against Malicious URL Requests

Author URI: perishablepress.com

Author: Perishable Press

Version: 1.0

*/

global $user_ID;

if($user_ID) { if(!current_user_can('level_10')) { if (strlen($_SERVER['REQUEST_URI']) > 255 || strpos($_SERVER['REQUEST_URI'], "eval(") || strpos($_SERVER['REQUEST_URI'], "CONCAT") || strpos($_SERVER['REQUEST_URI'], "UNION+SELECT") || strpos($_SERVER['REQUEST_URI'], "base64")) { @header("HTTP/1.1 414 Request-URI Too Long"); @header("Status: 414 Request-URI Too Long"); @header("Connection: Close"); @exit; } } } ?>




?

– ( 255 ) php- eval base64 URI. - , 414.



8. !

?

, , . , , «». , - , - -! --… , aka , aka « ».



?

apache . .htaccess :



RewriteEngine On

# ?mysite\.ru/

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.ru/ [NC]

RewriteCond %{HTTP_REFERER} !^$

# /images/nohotlink.jpg « …»

RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]




?

— , . «» — - .



9. . ( «admin»)!



?

, . — « admin ».



, Wordpress 3.0 , . .



?

:



UPDATE wp_users SET user_login = ' ' WHERE user_login = 'Admin';



?

sql- . , «». , admin ' . admin 'a , :



UPDATE wp_posts SET post_author = ' ' WHERE post_author = 'admin';



10. Disable directory listing

What is the problem?

Directory listing is switched on by default on many servers. Open a folder that has no index file, such as your site's /wp-includes/ folder, and you get a list of everything inside it. That tells a visitor exactly which files, themes and plugins are installed.

What are we doing?

You could put an empty index.html into every folder, but it is simpler to add one line to .htaccess:

Options All -Indexes

How it works?

Without an index.html in a folder, Apache would generate a listing of its contents; the -Indexes option in .htaccess tells it not to.

Source: https://habr.com/ru/post/98083/


