> ## Documentation Index
> Fetch the complete documentation index at: https://kb.hosting.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Using PHP code to prevent malicious URL requests on a WordPress site

> Discover how to safeguard your WordPress site from malicious URL requests with a simple code snippet.

Learn how to protect [WordPress](https://hosting.com/hosting/platforms/wordpress-hosting/managed-wordpress-hosting/) sites from malicious URL requests. This article explains how to use a short code snippet to protect [WordPress](https://hosting.com/hosting/platforms/wordpress-hosting/managed-wordpress-hosting/) sites from malicious URL requests.

## Protecting your WordPress site from malicious URL requests

<Warning>
  **Important**

  Always perform a backup before you make any changes to the theme files. If you break any codes, it will be easier to revert your site to its last good known state. Alternatively, you could also create a child theme. Read this link on how to create a child theme: [https://www.hosting.com/blog/wordpress-child-theme/](https://www.hosting.com/blog/wordpress-child-theme/)
</Warning>

Follow the steps below to edit your Theme setting file to protect WordPress site from malicious URL requests:

1. Log in to your [WordPress](https://hosting.com/hosting/platforms/wordpress-hosting/managed-wordpress-hosting/) site with an administrator account.

2. On the **Dashboard** in the left sidebar, click **Appearance**, and then click **Theme Editor**:\
   ![](https://static.hosting.com/kb/kb-wp-themeeditor.png)

3. On the **Theme Editor**, select the **Theme** you want to edit from the dropdown:\
   ![](https://static.hosting.com/kb/kb-wp-themefiles-selecttheme.png)

4. The files for this selected theme are listed on the right column under **Theme Files**. Click on the file named "**functions.php**":\
   ![](https://static.hosting.com/kb/kb-wp-themefiles-function.png)

5. Insert the following code to the end of functions.php file and click **Update File Button** to save the changes:

```
global $user_ID; if($user_ID) {

    if(!current_user_can('administrator')) {

        if (strlen($_SERVER['REQUEST_URI']) > 255 ||

            stripos($_SERVER['REQUEST_URI'], "eval(") ||

            stripos($_SERVER['REQUEST_URI'], "CONCAT") ||

            stripos($_SERVER['REQUEST_URI'], "UNION+SELECT") ||

            stripos($_SERVER['REQUEST_URI'], "base64")) {

                @header("HTTP/1.1 414 Request-URI Too Long");

                @header("Status: 414 Request-URI Too Long");

                @header("Connection: Close");

                @exit;

        }

    }

}
```

## Related articles

* [WordPress security](/docs/wordpress-security)
