Disable HTTP TRACE/TRACK

Last Revised: October 2, 2021

TRACK and TRACE are two methods that come by default with Apache HTTPD and are mainly used for analysis. On a WordPress site, however, they can compromise security, since they make possible Cross Site Tracing (XST) and Cross Site Scripting (XSS) attacks that could steal cookie data and other information from the web server.

To disable these methods, add these lines to the .htaccess file in the root of the site.

# Answer any TRACE or TRACK request with 403 Forbidden
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
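
To confirm the rule took effect, the following added example (not part of the original article) sends one TRACE and one TRACK request and reports how the server answers. The probe header name and value, the function names and the host name in the usage comment are constructed for this example; the [F] flag makes Apache answer 403 Forbidden, so "blocked" is the expected verdict for both methods.

```python
import http.client
import sys

METHODS = ("TRACE", "TRACK")
PROBE_HEADER = "X-Xst-Probe"     # constructed header, only used to spot an echo
PROBE_VALUE = "htaccess-check"   # constructed value


def classify(status, body):
    """Map one response to a verdict for the TRACE/TRACK rule."""
    if status == 403:
        return "blocked"     # [F] in the RewriteRule answers 403 Forbidden
    if status >= 400:
        return "rejected"    # refused, but not with the 403 that [F] produces
    if PROBE_VALUE in body:
        return "echoed"      # request headers reflected back: the XST precondition
    return "accepted"        # method was served like a normal request


def probe(host, method, port=443, use_tls=True, path="/", timeout=10):
    """Send one request with the given method and return (status, verdict)."""
    conn_cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = conn_cls(host, port, timeout=timeout)
    try:
        conn.request(method, path, headers={PROBE_HEADER: PROBE_VALUE})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1", "replace")
        return resp.status, classify(resp.status, body)
    finally:
        conn.close()


def audit(host, **kwargs):
    """Probe every method; the site passes only if none is echoed or accepted."""
    results = {m: probe(host, m, **kwargs) for m in METHODS}
    passed = all(verdict in ("blocked", "rejected") for _, verdict in results.values())
    return passed, results


if __name__ == "__main__":
    # Usage: python check_trace.py your-site.example
    ok, res = audit(sys.argv[1])
    for method, (status, verdict) in res.items():
        print(f"{method}: HTTP {status} -> {verdict}")
    sys.exit(0 if ok else 1)
```

The script exits with status 1 if either method is echoed or accepted, so it can be run after every change to the .htaccess file.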

Continue with Security for WordPress


About this document

This document is licensed under the EUPL v1.2, published on WP SysAdmin and created by Javier Casares. If you use this content on your website, in a presentation or in any material you distribute, please remember to mention this site or its author, and to release the material you create under the EUPL license.