Reject all malicious URL requests functions.php

this might not be the right place as it's a question about a function snippet that relates also to the server and log files.

I have been trying to block access to my site from bad query attempts which show up on my server logs attempting to access pages that don't exist. I found a snippet online with claims that it may stop these kinds of requests, but with very little explanation as to what it exactly does.

So can anyone advise me as to what this snippet would do and if it should be placed (as is) into the function.php or if it should have a function before hand:

global $user_ID;
  if($user_ID) {
      if(!current_user_can('administrator')) {
          if (strlen($_SERVER['REQUEST_URI'])  255 ||
              stripos($_SERVER['REQUEST_URI'], eval() ||
              stripos($_SERVER['REQUEST_URI'], CONCAT) ||
              stripos($_SERVER['REQUEST_URI'], UNION+SELECT) ||
              stripos($_SERVER['REQUEST_URI'], base64)) {
                  @header(HTTP/1.1 414 Request-URI Too Long);
                  @header(Status: 414 Request-URI Too Long);
                  @header(Connection: Close);
                  @exit;
          }
      }
  }

Topic functions php server security query Wordpress

Category Web

1
answered at

All publicly visible sites on the internet get hit with ridiculous URL requests fairly often. These come from script kiddies (low-rent cybercriminals, the kind of children who think they're l33t or something) trying to get your site to misbehave and give them access using (mostly) old tricks that exploit long-fixed bugs. Some of the tricks they try are decades old.

Trying to stay ahead of these ridiculous URLs on your own site isn't worth your trouble: you'll just be playing whack-a-mole. There's already lots of stuff in WordPress, php, and web servers (like Apache and litespeed) to repel these attempted invasions. You're much better off doing these things:

  1. Regularly updating WordPress, your themes, and your plugins to the latest versions. These updates often fix security issues and plug new holes, and often (not always) before the kiddies figure out how to exploit them.

  2. Making it really hard to guess your administrative username / password combinations. Use a hard to guess username rather than admin. And use a hard to guess password.

  3. Installing a security plugin to slow down the kiddies.

  4. Not keeping data on about visitors to your site unless you have good reasons. Sites with less data are less interesting to kiddies.

That being said, pretty much all WordPress add-on code, like yours, must be registered as a Hook : an Action or a Filter so WordPress knows when to run it and what to do with the result. Often a big challenge when writing code to add in to WordPress is figuring out which hook to use. Did the code snippet in your question mention which hook should invoke it?

The first hook on an ordinary WordPress page is do_parse_request. If you return false from this filter WordPress goes on to completely ignore the incoming web request.

So you might try


add_filter('do_parse_request', my_parse_request_filter, 10, 3 );
function my_parse_request_filter ($continue, $wp, $extra_query_vars) {
  if ( something is wrong with $_SERVER['REQUEST_URI'] ) {
    $wp->query_vars['error'] = 414;
    $return false;
  }
  return $continue;
}

but any administrator or other logged-in user isn't yet known in that filter.

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.