We have a customer’s site that is being abused right now via many post attempts made to malicious files uploaded via exploits. We’ve tried and tried to help the client, but they keep dropping the ball. At this point we are wanting to deny ALL POST attempts made to the site.
I have done this in the past easily, by using the following snippet in the root .htaccess file:
<Limit POST HEAD>
order deny,allow
deny from all
</Limit>
However for some reason this time it’s causing the entire site to present a 403 forbidden error. Does anyone have any idea what I may be doing wrong? Also if it helps, the site is running WordPress so I have appended the above mentioned code to both the top of the .htaccess file as well as the bottom. Any help would be greatly appreciated!
