if (!is_user_logged_in()) {
  $url_this = 'https://'.$_SERVER['SERVER_NAME'].$_SERVER["REQUEST_URI"];
  header('location:'.wp_login_url($url_this));
}
foreach ($_GET as $k => $v) {
    if (preg_match('/(select|union|order\s+by|sleep\(|benchmark|\/etc\/passwd)/i', $v)) {
        http_response_code(403);
        exit('Bad Request');
    }
}