Preventing Hacking Attempts With Apache .htaccess

I used to see many URLs in my server logs that look like nothing but hacking attempts. Hackers will keep trying, but we can make their effort harder. So I hope you have already taken the common security measures, discussed in many places, for securing a WordPress site. The problem is bigger on a self-hosted site; on a WordPress.com-hosted site it mostly reduces to having a hard-to-guess user ID and password.

I see many URLs in the 404 server log, and it is usually easy to tell whether a URL in the 404 log is a hacking attempt or just a typo or some other mistake.

These are the kinds of URLs I have seen many times:
/2011/02/market-trends-report-on-social-media-marketing-and-others.html/admin/categories.php/login.php
/2010/07/wordpress-solution-to-blank-web-pages-without-error.html/wp-content/theme/Display/timthumb.php
/2008/04/simple-login-code-in-php-for-symfony.html=http:/parascape.org/Shell.txt

parascape.org is new in these URLs; maybe it tells something about the hackers! The three examples are different probes. The first appends an admin login script to a real post path. The second looks for timthumb.php, the image-resizing script bundled with many themes that had a well-known remote file inclusion flaw in 2011. The third is the classic shape of a remote file inclusion probe: a parameter value pointing at a script hosted elsewhere (here Shell.txt), in the hope that some script on the site will include and execute it.

I landed on a page written by Amit about clean URLs. After implementing what it described, I went on to check my 404 error log and found the usual hacking attempts; the example URLs above are taken from there. I then played a little more with the .htaccess file and came up with this .htaccess rule:

# Any request whose path continues after ".html/" is sent back (301) to the
# post URL itself; the trailing "?" in the substitution drops the query string.
# This assumes WordPress lives at the document root, because in .htaccess the
# RewriteRule pattern sees the path with the leading slash stripped and the
# substitution starts with "/".
# The capture is non-greedy (.*?) so it stops at the first ".html": a greedy
# (.*\.html) would capture "a.html/b.html" whole and redirect that request to
# itself in a loop.
RewriteCond %{REQUEST_URI} (.*\.html)/.*
RewriteRule ^(.*?\.html).* /$1? [R=301,L]

Add these lines above the .htaccess rules that WordPress generates; the last WordPress rule sends every unknown path to index.php and is marked [L], so a rule placed after it would never run. I guess your rewrite engine is already on. If not, this line must go above the two lines:
RewriteEngine on
If that line is already present once above your code, there is no need to add it again.

As far as I have tested, it works for me. I hope I have not stopped any URL that WordPress itself generates from working. Please point it out if you think this can block a native WordPress URL.

Update:

Something serious happened to the Super Cache plugin. I do not know which rule caused it. Maybe the latest Super Cache update did not write its changes to the .htaccess file, as I saw today: I updated the plugin, but its .htaccess rules were not updated and needed manual intervention. I have disabled both changes mentioned here: the rule I wrote above and the change I took from Amit's blog. I need to apply the changes one at a time and see the result.

Update time again!
I have removed all the changes I made after reading Amit's blog and updated my code a little. I saw that Super Cache was adding index.html after each URL; I guess Super Cache requires this. So I updated the rule to leave those URLs alone and am testing it. Here is the new code I am running:

# Leave the ".html/index.html" paths that Super Cache produces alone.
RewriteCond %{REQUEST_URI} !(.*\.html/index.html).*
# Otherwise, anything appended after ".html/" is redirected back to the post
# URL itself (non-greedy capture, so "a.html/b.html" goes to /a.html and
# not to itself; the trailing "?" drops the query string).
RewriteCond %{REQUEST_URI} (.*\.html)/.*
RewriteRule ^(.*?\.html).* /$1? [R=301,L]

Again it works correctly, but let's see; the result should be clear by tomorrow. Then I can work on Amit's suggestion.
Important: after the error I had to delete all cache files from the cache folder. The default cache folder is public_html/wp-content/cache; I went into the meta and supercache folders and deleted all files there.
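Before putting a rule like this live it is worth checking, offline, exactly which 404 entries it will redirect and which it will leave alone. The following is an added example, not code from the original post: it re-implements the final three-line rule set in Python and runs it over a few constructed access-log lines (documentation IP range) built from the URLs quoted earlier in the post. It makes visible the two cases the rule does not touch: the Super Cache `.html/index.html` path, which the first condition excludes on purpose, and the third URL, whose `.html` is followed by `=` rather than `/`, so that remote-include probe still reaches WordPress and needs separate handling. One deliberate choice: the capture stops at the first `.html`, so a path like `/a.html/b.html` redirects to `/a.html` rather than back to itself.

```python
import re

# Added example (not the post's own code): a Python re-implementation of the
# post's final .htaccess rule set, so it can be checked against real 404
# entries before it goes live.
#
#   RewriteCond %{REQUEST_URI} !(.*\.html/index.html).*
#   RewriteCond %{REQUEST_URI} (.*\.html)/.*
#   RewriteRule ^(.*\.html).* /$1? [R=301,L]
#
# Apache matches RewriteCond against %{REQUEST_URI} (leading slash, no query
# string); in a per-directory .htaccess at the document root the RewriteRule
# pattern sees the path with the leading slash stripped.

SUPERCACHE_INDEX = re.compile(r"\.html/index\.html")   # first cond, negated
HTML_THEN_MORE = re.compile(r"\.html/")                # second cond
# Non-greedy so the capture stops at the FIRST ".html": a greedy (.*\.html)
# would capture "a.html/b.html" whole and 301 the request to itself.
POST_PATH = re.compile(r"^(.*?\.html)")


def rewrite_target(request_uri):
    """Return the 301 Location the rule would send for request_uri
    (path plus optional query string), or None if the rule does not fire."""
    path = request_uri.split("?", 1)[0]        # %{REQUEST_URI} has no query
    if SUPERCACHE_INDEX.search(path):          # leave Super Cache paths alone
        return None
    if not HTML_THEN_MORE.search(path):        # nothing appended after .html/
        return None
    m = POST_PATH.match(path.lstrip("/"))      # guaranteed by the cond above
    return "/" + m.group(1)                    # trailing "?" drops the query


# Combined-log-format line: client ident user [time] "METHOD URI PROTO" status
LOG_LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3})'
)


def scan_404_log(lines):
    """For every 404 in an access log, pair the requested URI with the
    redirect the rule would issue. None means the rule ignores that request,
    so it still needs a look (e.g. the '=http:/...Shell.txt' include probe)."""
    report = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m and m.group("status") == "404":
            uri = m.group("uri")
            report.append((uri, rewrite_target(uri)))
    return report


# Constructed sample log (203.0.113.0/24 is a documentation range). The 404
# paths are the three quoted in the post plus the Super Cache index.html form;
# the last line is a normal, successful post request the scanner must skip.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2011:12:00:00 +0000] "GET /2011/02/market-trends-report-on-social-media-marketing-and-others.html/admin/categories.php/login.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '203.0.113.6 - - [10/Mar/2011:12:00:01 +0000] "GET /2010/07/wordpress-solution-to-blank-web-pages-without-error.html/wp-content/theme/Display/timthumb.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2011:12:00:02 +0000] "GET /2008/04/simple-login-code-in-php-for-symfony.html=http:/parascape.org/Shell.txt HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '203.0.113.8 - - [10/Mar/2011:12:00:03 +0000] "GET /2010/07/wordpress-solution-to-blank-web-pages-without-error.html/index.html HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2011:12:00:04 +0000] "GET /2010/07/wordpress-solution-to-blank-web-pages-without-error.html HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for uri, target in scan_404_log(SAMPLE_LOG):
        print(uri)
        print("  ->", target or "NOT HANDLED by the rule")
```

Run it against a real 404 log by feeding the file's lines to scan_404_log; every entry that comes back with None is a request the rule will not redirect, which is exactly the list you still have to read by hand.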

  • # 1 - by Gauhar Kachchhi

    Thank you for this useful article. Most of my blogs were hijacked and their traffic was being diverted to other sites. I have done my best to resolve the problem, and some of the lost traffic has come back now…

    Today, I checked my error log and was shocked to see strange things in them… Looks like hacking attempts are ongoing, or probably have even succeeded. How should I rescue my sites?

    Here is an example of stuff in my error log — http://pastebin.com/8PqNJgw9

    So, does it look like I have been hacked? How should I rescue my blog?

    • # 2 - by Satya Prakash

      I see it is all due to DB errors. You may have changed the DB settings of WP. WP generally comes with utf-8, and your requirement should be met with that! There was a plugin called "Stealth Login" earlier. You may like to try that or a similar plugin as well.
