Protect Your Site from Malicious Requests : There are various ways to secure your website. You can install a security plugin, turn on a firewall or opt for a free feature such as Jetpack Protect that blocks brute force attacks on your website.

The following code snippet, once placed in your functions.php file, rejects all malicious URL requests:

Protect Your Site from Malicious Requests

global $user_ID; if($user_ID) {
    if(!current_user_can('administrator')) {
        if (strlen($_SERVER['REQUEST_URI']) > 255 ||
            stripos($_SERVER['REQUEST_URI'], "eval(") ||
            stripos($_SERVER['REQUEST_URI'], "CONCAT") ||
            stripos($_SERVER['REQUEST_URI'], "UNION+SELECT") ||
            stripos($_SERVER['REQUEST_URI'], "base64")) {
                @header("HTTP/1.1 414 Request-URI Too Long");
                @header("Status: 414 Request-URI Too Long");
                @header("Connection: Close");

Another option is to go to the next page and learn how to do this with a custom plugin so you can control the option via the WordPress Dashboard by enabling and disabling the plugin accordingly. However we recommend leaving enabled if your website is live.  🙂