[pagal]

Can I use this wp plugin for bbpress?

< ?php

/*

Plugin Name: Block Bad Queries

Plugin URI: http://perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests/

Description: Protect WordPress Against Malicious URL Requests

Author URI: http://perishablepress.com/

Author: Perishable Press

Version: 1.0

*/

global $user_ID;

if($user_ID) {

if(!current_user_can(‘level_10’)) {

if (strlen($_SERVER) > 255 ||

strpos($_SERVER, “eval(“) ||

strpos($_SERVER, “CONCAT”) ||

strpos($_SERVER, “UNION+SELECT”) ||

strpos($_SERVER, “base64”)) {

@header(“HTTP/1.1 414 Request-URI Too Long”);

@header(“Status: 414 Request-URI Too Long”);

@header(“Connection: Close”);

@exit;

}

}

}

?>

And tell me how can I make my forums more secure?

Nedd Tips and Tricks!!

And did anyone make any security concern plugin for bbpress?

Thanks,

Pagal

[chrishajer]

I think it would probably work if you changed the user check to reflect bbPress users and not WordPress users and levels.

_ck_ posted something similar a while back on the WordPress.org trac site about blocking long query strings. Maybe she will post here about this.

simple WordPress and bbPress security plugin to block long requests

https://core.trac.wordpress.org/ticket/8152

[_ck_]

Someone copied my plugin (they used ALL of my lines then added a few) but they defeated the entire purpose.

Their code only runs if there is an active user, if someone is not logged in and there is a loophole, the code would run unchallenged.

Plus they exclude admin, so if there is a hacked account, the code is also bypassed.

Here is my improved version of my original code

if (strlen($_SERVER['REQUEST_URI'])>255 ||

preg_match('@(eval|base64|unescape)[^a-zA-Z0-9]@si',$_SERVER['REQUEST_URI']))

{

header('HTTP/1.1 414 Request-URI Too Long');

header('Status: 414 Request-URI Too Long');

header('Connection: Close');

exit;

}