Reject all malicious URL requests functions.php

All publicly visible sites on the internet get hit with ridiculous URL requests fairly often. These come from script kiddies (low-rent cybercriminals, the kind of children who think they’re l33t or something) trying to get your site to misbehave and give them access using (mostly) old tricks that exploit long-fixed bugs. Some of the tricks they try are decades old.

Trying to stay ahead of these ridiculous URLs on your own site isn’t worth your trouble: you’ll just be playing whack-a-mole. There’s already lots of stuff in WordPress, php, and web servers (like Apache and litespeed) to repel these attempted invasions. You’re much better off doing these things:

  1. Regularly updating WordPress, your themes, and your plugins to the latest versions. These updates often fix security issues and plug new holes, and often (not always) before the kiddies figure out how to exploit them.

  2. Making it really hard to guess your administrative username / password combinations. Use a hard to guess username rather than admin. And use a hard to guess password.

  3. Installing a security plugin to slow down the kiddies.

  4. Not keeping data on about visitors to your site unless you have good reasons. Sites with less data are less interesting to kiddies.

That being said, pretty much all WordPress add-on code, like yours, must be registered as a Hook : an Action or a Filter so WordPress knows when to run it and what to do with the result. Often a big challenge when writing code to add in to WordPress is figuring out which hook to use. Did the code snippet in your question mention which hook should invoke it?

The first hook on an ordinary WordPress page is do_parse_request. If you return false from this filter WordPress goes on to completely ignore the incoming web request.

So you might try


add_filter('do_parse_request', my_parse_request_filter, 10, 3 );
function my_parse_request_filter ($continue, $wp, $extra_query_vars) {
  if ( something is wrong with $_SERVER['REQUEST_URI'] ) {
    $wp->query_vars['error'] = 414;
    $return false;
  }
  return $continue;
}

but any administrator or other logged-in user isn’t yet known in that filter.

Related Posts:

  1. Enforcing password complexity
  2. Does My Child-Theme Functions.php Need if{die} Security In It? [duplicate]
  3. Delete post revisions on post publish
  4. Can I write ‘RewriteCond’ using ‘functions.php’?
  5. my function doesn’t return my post from today
  6. Evaluations of two wordpress security plans against php code injection attack
  7. only show container with next/prev links if they exist?
  8. ACF: how do I get the fields and its values of a specific group?
  9. Generating an nonce for Content Security Policy and all scripts – How to make it match/persist for each page load?
  10. wp-comments-post.php file returns a blank page
  11. register_taxonomy() take much queries
  12. How to prevent a function from running based on host (ie web vs local)?
  13. SQL error with custom query
  14. Access WP files on “server 1”, from “server 2” – using wp-load on an external website
  15. Offset with ajax load more posts duplicates
  16. How can I display a query in a page?
  17. Echo multiple tasks if a common function exists
  18. Published custom posts missing
  19. Check if values exists DB
  20. what to do after instlling cyberpanel on VPS
  21. Exclude a category ID from the following function
  22. Need help setting default setting value for radio button in theme customizer
  23. How to automatically apply woocommerce product title to all product images alt tags?
  24. How to store the_title() into a variable to reutrn the value, not just echo it
  25. exclude multiple terms using get_terms() function
  26. Create a global variable for use in all templates
  27. How to order WP_User_Query results to match the order of an array of user IDs?
  28. Should the value of core functions be escaped before outputting?
  29. Why is my custom meta box input not saving
  30. Dynamic URL to reference custom PHP files
  31. Renaming wp-content folder dynamically
  32. WooCommerce – Customer Order History Pagination
  33. Change dns-prefetch to preconnect with correct protocol
  34. display most popular tags in two columns
  35. Can I view my own wordpress php source code on my hosted web server?
  36. How to make thumbnail image fit into a div where image dimentions are completely different?
  37. Add before_content and after_content to register_sidebar
  38. How to access function from outside of a class within this class in WP plugin?
  39. Word Count Function Preventing Permalink Editing
  40. PHP can I add line numbers to file_get_contents()
  41. Using file_get_contents with Gravity Forms uploads folder to create images in the media library returning false
  42. Replace word in “the_content” only for index.php
  43. Detect session/cookie variable in wordpress to prevent access to documents
  44. php function to display commenter username or login
  45. How to change menu order item
  46. responsive.css in the WordPress should be prioritized
  47. Odd / Even posts add class minus first post
  48. How to display login form anywhere, when user isn’t logged in, without redirecting?
  49. Multiple meta_key in one global $wpdb;
  50. How to add div blocks after certain set of post
  51. HTML Special Characters in URL string [closed]
  52. Create page template via functions.php?
  53. Send a mail to specific address in a custom field when a new comment is made on a specific post
  54. CSS change in woo commerce Place Order Text [closed]
  55. Add URL parameter to all internal links using a specific theme
  56. Warning: call_user_func() expects parameter 1 to be a valid callback, function
  57. Change MySQL PDO connection to a WPDB connection
  58. Hide a div when a custom field is empty
  59. Query pulling a single post per month
  60. Modify WooCommerce used to get all orders in dashboard
  61. Need help for some PHP code
  62. How can I update WordPress plugins or WordPress itself in all server?
  63. Adding HTML Code to Replace Text in PHP
  64. Run a sql (update) after 12 hours after the user login. Woocommerce users
  65. Wp_Schedule_Event every few minutes doesn’t work
  66. File from parent theme imported to child theme doesn’t work – any ideas?
  67. Problem with displaying CSS Stylesheets – Am I adding them correctly in my wordpress child theme?
  68. (solved) WordPress Site not loading properly
  69. register_block_type is not working properly
  70. How to secure my php forms
  71. PHP “warning include_once(): Failed to open stream” Simple HTML DOM in WordPress Child Theme
  72. cURL needing to loop through all “next_page”
  73. How to center all text body in single.php at once?
  74. getting the values of hidden inputs to use them in a php mysql query
  75. How can I get my pagination loop to display the correct number of total pages?
  76. Get posts by id using shortcode
  77. Is it possible to replace ‘attachment’ with another word?
  78. How to include a function in a template with template tag
  79. wordpress all post filter by year
  80. Show post/page into div using function
  81. PHP get_category() function redeclared
  82. How to trim content AND retain HTML?
  83. Pulling a variable into the wp_nav_menu function
  84. Popular Post Not Show
  85. How to enqueue assets only on queried pages, excluding the page being queried?
  86. WordPress – registering sidebar and adding a button directly after .textwidget
  87. Arrange Category post manually when displayed
  88. WordPress adding in site URL to header links
  89. Adding code to the function file
  90. Error on Include php:/usr/share/pear
  91. I am trying to replace a string with other from function.php
  92. wp_query on search results page showing all results every time
  93. Problem with function.php.. like
  94. Echo get_option displays as text
  95. Need help with Deprecated: Non-static error when update PHP 7.4 -> 8.1 with Dyad 2 theme
  96. posts_clauses drop ACF get_field function
  97. Frontend redirect after delete post in wordpress
  98. Link on post title only if post have content
  99. How to save a post to a Custom post type and copy the information to another Custom post type?
  100. Is there a hook that I can use when a fatal error occurs?