Logo Questions Linux Laravel Mysql Ubuntu Git Menu

How to write mod_security friendly PHP code?

I made a theme in WordPress which hit the mod_security rule on HostGator and gave 403 error.

I contacted people there(at HostGator) and they fixed it for me. But I don't want my theme to work like this.

I just wanted to know if there are any guides/blog post/tutorials telling about writing PHP code which is mod_security friendly?

I tried Google, but didn't find anything helpful.

like image 914
kapeels Avatar asked Nov 15 '22 09:11


1 Answers

I'm not sure there are many guides for this, especially since mod_security configuration varies from server to server.

The closest thing I would recommend is taking a look at the Core Rule Set Project. There's tons of rules in there. There's a lot of them.

Some general things to avoid would be:

  • including function names in parameters
  • using SQL queries/keywords (like SELECT, UPDATE, DELETE FROM) in the URL or POST
  • using HTML in the url

What exactly triggers it may vary. If possible, I would ask the HostGater people what rule it triggered and try to get some feedback. If not setup mod_security on your private box (or a VM), and see if your theme triggers any of the rules in the core rule set.

like image 74
Reece45 Avatar answered Dec 06 '22 03:12