Keeping a Secure WP Blog Using the BBQ Plugin
By John Hoff, author of the WordPress Defender eBook
Jeff Starr of the blog Perishable Press, author of the book Digging Into WordPress, has developed a really cool plugin called Block Bad Queries, or BBQ for short.
In his article, Protect WordPress Against Malicious URL Requests, he tells us:
This script checks for excessively long request strings (i.e., greater than 255 characters), as well as the presence of either “eval(” or “base64” in the request URI. These sorts of nefarious requests were implicated in the September 2009 WordPress attacks.
Why This Plugin is Important
One of the many ways a WordPress cracker will try to hack their way into your blog is through what is called SQL injection.
There are a few things you can do to help secure WP against these kinds of attacks; one of them is installing this plugin. Another great way is to make sure you keep up to date with your blog's upgrades.
SQL injection usually involves an attacker going to their web browser's address bar and appending what look like random strings of characters to your web address.
So for example, they might enter this into their web browser's address bar:
http://yourblog.com/index.php?cat=999+UNION+SELECT+null, CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58)) ,null,null,null+FROM+wp_users+where...
There are different "things" or "code" someone can try in order to crack into your blog, and what this plugin helps thwart are requests with excessively long strings of characters (along with the "eval(" and "base64" patterns mentioned above).
So if you're looking for a good plugin to work quietly in the background and help secure WP, I definitely recommend the Block Bad Queries plugin.
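To make the quoted rule concrete, here is an added example (not the BBQ plugin's own code, and not from Jeff Starr or this article) that re-implements the check described above in Python and runs it over a handful of constructed request URIs: reject anything longer than 255 characters or containing "eval(" or "base64". The percent-decoding and case-insensitive matching are assumptions added here for the demonstration, not part of the quoted description.

```python
"""Added example (not the BBQ plugin's own code): a minimal re-implementation
of the request-filtering rule the article quotes -- reject a request whose
URI is longer than 255 characters or that contains "eval(" or "base64".
The sample request lines below are constructed for this demonstration."""
from typing import List, Tuple
from urllib.parse import unquote

MAX_URI_LENGTH = 255                   # threshold quoted in the article
BLOCKED_TOKENS = ("eval(", "base64")   # substrings quoted in the article


def is_bad_query(request_uri: str) -> Tuple[bool, str]:
    """Return (blocked, reason) for one request URI.

    Matching is done on both the raw URI and its percent-decoded form,
    case-insensitively.  Decoding is an assumption added here (the article
    does not say how the plugin matches), so that a token hidden behind
    %-encoding is still caught by the same rule."""
    if len(request_uri) > MAX_URI_LENGTH:
        return True, f"request URI longer than {MAX_URI_LENGTH} characters"
    candidates = {request_uri.lower(), unquote(request_uri).lower()}
    for token in BLOCKED_TOKENS:
        if any(token in c for c in candidates):
            return True, f"request URI contains {token!r}"
    return False, ""


# Constructed sample requests: a normal post view, a normal search, and four
# that trip the rule (over-long query, eval( in a parameter, the same token
# percent-encoded, and a base64 marker).
SAMPLE_REQUESTS = [
    "/2009/09/hello-world/",
    "/?s=wordpress+security",
    "/index.php?cat=" + "9" * 300,
    "/index.php?p=1&x=eval(...)",
    "/index.php?p=1&x=eval%28...%29",
    "/wp-content/uploads/?data=base64_decode(...)",
]


def filter_requests(requests: List[str]) -> List[Tuple[str, bool, str]]:
    """Run the rule over a list of request URIs and return
    (uri, blocked, reason) tuples, the way a log review would."""
    return [(uri, *is_bad_query(uri)) for uri in requests]


if __name__ == "__main__":
    for uri, blocked, reason in filter_requests(SAMPLE_REQUESTS):
        status = "BLOCK" if blocked else "allow"
        print(f"{status:5}  {uri[:60]:<60}  {reason}")
```

A substring rule this blunt will also trip on legitimate URLs (a post slug that happens to contain the word base64, for example), so after enabling a filter like this it is worth watching the access log for false positives. It also says nothing about a short injection attempt unless it carries one of the tokens, which is why staying current with WordPress upgrades remains the more important defense.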