Skip to:

bbPress Security

  • Can I use this wp plugin for bbpress?

    < ?php


    Plugin Name: Block Bad Queries

    Plugin URI:

    Description: Protect WordPress Against Malicious URL Requests

    Author URI:

    Author: Perishable Press

    Version: 1.0


    global $user_ID;

    if($user_ID) {

    if(!current_user_can(‘level_10’)) {

    if (strlen($_SERVER) > 255 ||

    strpos($_SERVER, “eval(“) ||

    strpos($_SERVER, “CONCAT”) ||

    strpos($_SERVER, “UNION+SELECT”) ||

    strpos($_SERVER, “base64”)) {

    @header(“HTTP/1.1 414 Request-URI Too Long”);

    @header(“Status: 414 Request-URI Too Long”);

    @header(“Connection: Close”);






    And tell me how can I make my forums more secure?

    Nedd Tips and Tricks!!

    And did anyone make any security concern plugin for bbpress?



Viewing 2 replies - 1 through 2 (of 2 total)

  • chrishajer


    I think it would probably work if you changed the user check to reflect bbPress users and not WordPress users and levels.

    _ck_ posted something similar a while back on the trac site about blocking long query strings. Maybe she will post here about this.



    Someone copied my plugin (they used ALL of my lines then added a few) but they defeated the entire purpose.

    Their code only runs if there is an active user, if someone is not logged in and there is a loophole, the code would run unchallenged.

    Plus they exclude admin, so if there is a hacked account, the code is also bypassed.

    Here is my improved version of my original code

    if (strlen($_SERVER['REQUEST_URI'])>255 ||
    header('HTTP/1.1 414 Request-URI Too Long');
    header('Status: 414 Request-URI Too Long');
    header('Connection: Close');

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.
Skip to toolbar