Become Wordpress Professional - Your Ultimate Wordpress Guide

Thursday, 21 March 2013

Strengthen WordPress Site Security with the 5G Firewall

In this tutorial you will learn how to add an extra security layer to your WordPress site with a powerful .htaccess firewall. The 5G firewall is designed specially for WordPress-powered sites, and it is very effective at blocking requests from bad bots by user agent and from unwanted IP addresses.

First, log in to your web host's cPanel account and open the .htaccess file in the root directory of your site.

# 5G FIREWALL

# 5G:[QUERY STRINGS]
<IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteBase /
 RewriteCond %{QUERY_STRING} (environ|localhost|mosconfig|scanner) [NC,OR]
 RewriteCond %{QUERY_STRING} (menu|mod|path|tag)\=\.?/? [NC,OR]
 RewriteCond %{QUERY_STRING} boot\.ini  [NC,OR]
 RewriteCond %{QUERY_STRING} echo.*kae  [NC,OR]
 RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
 RewriteCond %{QUERY_STRING} \=\\%27$   [NC,OR]
 RewriteCond %{QUERY_STRING} \=\\\'$    [NC,OR]
 RewriteCond %{QUERY_STRING} \.\./      [NC,OR]
 RewriteCond %{QUERY_STRING} \:         [NC,OR]
 RewriteCond %{QUERY_STRING} \[         [NC,OR]
 RewriteCond %{QUERY_STRING} \]         [NC]
 RewriteRule .* - [F]
</IfModule>

# 5G:[USER AGENTS]
<IfModule mod_setenvif.c>
 SetEnvIfNoCase User-Agent ^$ keep_out
 SetEnvIfNoCase User-Agent (casper|cmsworldmap|diavol|dotbot)   keep_out
 SetEnvIfNoCase User-Agent (flicky|ia_archiver|jakarta|kmccrew) keep_out
 SetEnvIfNoCase User-Agent (libwww|planetwork|pycurl|skygrid)   keep_out
 <Limit GET POST PUT>
  Order Allow,Deny
  Allow from all
  Deny from env=keep_out
 </Limit>
</IfModule>

# 5G:[REQUEST STRINGS]
<IfModule mod_alias.c>
 RedirectMatch 403 (https?|ftp|php)\://
 RedirectMatch 403 /(cgi|https?|ima|ucp)/
 RedirectMatch 403 (\=\\\'|\=\\%27|/\\\'/?|\)\.css\()$
 RedirectMatch 403 (\,|//|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\|)
 RedirectMatch 403 \.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$
 RedirectMatch 403 /(contac|fpw|install|pingserver|register)\.php
 RedirectMatch 403 (base64|crossdomain|localhost|wwwroot)
 RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae)
 RedirectMatch 403 \.well\-known/host\-meta
 RedirectMatch 403 /function\.array\-rand
 RedirectMatch 403 \)\;\$\(this\)\.html\(
 RedirectMatch 403 proc/self/environ
 RedirectMatch 403 msnbot\.htm\)\.\_
 RedirectMatch 403 /ref\.outcontrol
 RedirectMatch 403 com\_cropimage
 RedirectMatch 403 indonesia\.htm
 RedirectMatch 403 \{\$itemURL\}
 RedirectMatch 403 function\(\)
 RedirectMatch 403 labels\.rdf
</IfModule>

# 5G:[BAD IPS]
<Limit GET POST PUT>
 Order Allow,Deny
 Allow from all
 Deny from 184.56.246.23
 Deny from 195.10.218.132
 Deny from 208.91.57.65
 Deny from 209.190.3.218
 Deny from 64.15.156.15
 Deny from 86.175.86.170
 Deny from 91.121.
 Deny from 41.206.13.3
 Deny from 207.177.225.66
 Deny from 137.82.182.121
 Deny from 79.125.81.232
 Deny from 24.66.27.191
 Deny from 216.40.231.210
 Deny from 151.42.146.98
 Deny from 77.191.130.244
 Deny from 115.79.13.174
 Deny from 84.189.184.170
</Limit>


Definition of 5G Firewall code

Copy the code above; no modifications are required, and the 5G firewall is ready to protect your WordPress site. Paste the code into the file and save it. Then return to the browser, open your site, and navigate around to confirm that everything still works. If it does, the code is working fine and your WordPress site is protected by a strong firewall.


There is actually a lot going on in the code. Let's continue with a quick walk-through of the 5G code. The first section checks the query string and the requested URL and blocks the bad stuff. This first section is the key part of the 5G firewall.
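One way to check the query-string section against your own site's URLs before deploying it, as an added example that is not part of the 5G code or of this tutorial: the Python below reuses the eleven RewriteCond patterns and reports which rule, if any, would answer 403. The function names and the sample query strings are constructed for illustration, and Python's `re` is assumed to match these patterns the way Apache does.

```python
import re

# The eleven 5G:[QUERY STRINGS] patterns, copied from the RewriteCond lines.
# All carry [NC] and are chained with [OR], so one match is enough for a 403.
# Assumption: Python's re behaves like Apache's PCRE for these patterns.
QUERY_STRING_RULES = [
    r"(environ|localhost|mosconfig|scanner)",
    r"(menu|mod|path|tag)\=\.?/?",
    r"boot\.ini",
    r"echo.*kae",
    r"etc/passwd",
    r"\=\\%27$",
    r"\=\\\'$",
    r"\.\./",
    r"\:",
    r"\[",
    r"\]",
]
COMPILED = [(p, re.compile(p, re.IGNORECASE)) for p in QUERY_STRING_RULES]

def matching_rule(query_string):
    """Return the first pattern matching the raw query string, or None."""
    for pattern, regex in COMPILED:
        if regex.search(query_string):
            return pattern
    return None

def audit(query_strings):
    """Map each query string to the rule that would block it (None = allowed)."""
    return {qs: matching_rule(qs) for qs in query_strings}

# Constructed samples (not from real logs). mod_rewrite tests the query string
# as sent, without percent-decoding, so the last two entries differ.
SAMPLES = [
    "page=../../etc/passwd",            # path traversal probe
    "file=boot.ini",                    # Windows boot file probe
    "p=123",                            # WordPress post by ID
    "s=firewall+rules",                 # WordPress search
    "tag=security",                     # WordPress tag archive, plain permalinks
    "ids[]=4&ids[]=7",                  # array-style parameter
    "ref=http://example.com/",          # unencoded URL in a parameter
    "ref=http%3A%2F%2Fexample.com%2F",  # same URL, percent-encoded
]

if __name__ == "__main__":
    for qs, rule in audit(SAMPLES).items():
        print(f"{'403' if rule else 'ok':4}{qs:36}{rule or ''}")
```

Replace `SAMPLES` with query strings taken from your own access log to see which requests the rules would reject on your site.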

The next section checks the user agent making the request and blocks the most well-known bad user agents. Note that this is the same block of code we used in the previous tutorial about blocking bad bots, so if you already have that code in .htaccess there is no need to add it again.

Why 5G Firewall is useful for WordPress

Lastly, the firewall blocks a short list of known bad IP addresses, and if you find another bad IP you can add it to the list in the same way. For a default installation of WordPress, the 5G firewall is a safe and powerful way to protect your site. The code works well alongside many plugins without causing conflicts.
