There are various ways that you can choose to secure your WordPress website and protect it from malicious requests. You could install one of the many security plugins available, turn on a firewall, or utilize a free built-in feature. Another way is to use a simple PHP function that will reject all malicious URL requests. In this tutorial we will teach you how to protect your WordPress site from malicious requests via a WordPress function.

Protect your WordPress Site from Malicious Requests via a PHP Function

In order to protect your WordPress site from malicious requests, we will need to add a PHP filter to the WordPress functions file. Open your functions.php file then copy and paste the code below. Your WordPress site will now reject all malicious URL requests.


global $user_ID; if($user_ID) {
    if(!current_user_can('administrator')) {
        if (strlen($_SERVER['REQUEST_URI']) > 255 ||
            stripos($_SERVER['REQUEST_URI'], "eval(") ||
            stripos($_SERVER['REQUEST_URI'], "CONCAT") ||
            stripos($_SERVER['REQUEST_URI'], "UNION+SELECT") ||
            stripos($_SERVER['REQUEST_URI'], "base64")) {
                @header("HTTP/1.1 414 Request-URI Too Long");
                @header("Status: 414 Request-URI Too Long");
                @header("Connection: Close");


If you are having problems getting this tutorial to work please reread the tutorial and try again, if you still cannot get it to work please leave us a comment below and we will respond as soon as possible. Please do not email us with problems regarding this tutorial, only comments will be responded to.

Share This