How to Block Common Exploit in WordPress

Snippets by IsItWP

Are you looking for a way to block common exploits? While there’s probably a plugin for this, we have created a quick code snippet that you can use to block common exploits in WordPress.


All you have to do is add this code to your theme’s .HTACCESS file or in a site-specific plugin:

RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ ///.*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\=?(http|ftp|ssl|https):/.*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\?.*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(asp|ini|dll).*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(htpasswd|htaccess|aahtpasswd).*\ HTTP/ [NC]
RewriteRule .* - [F,NS,L]

Note: If this is your first time adding code snippets in WordPress, then please refer to our guide on how to properly add code snippets in WordPress, so you don’t accidentally break your site.

If you liked this code snippet, please consider checking out our other articles on the site like: 11 best WordPress quiz plugins and how to create stunning WordPress optin forms.

Comments   Leave a Reply

  1. Can you please elaborate more. What type of exploits, we can block. How can we block a specific exploit, about which know.
    Please tell me.

    1. This snippet does a range of things, including denies POST request with wrong content type and denies requests that dont contain a HTTP HOST Header also specific file types from being viewed. etc, If you are not familiar with htaccess make sure you backup your original file first.

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

WordPress Launch Checklist

The Ultimate WordPress Launch Checklist

We've compiled all the essential checklist items for your next WordPress website launch into one handy ebook.
Yes, Send Me the Free eBook!