How to disable author query in WordPress - php

In WordPress, when you hit a URL like the following:
http://www.example.com/?author=1
If the author ID is valid then they will be redirected to the author URL, for example:
http://www.example.com/author/username
Then the hacker starts attacking the username. How could I disable the (?author=xx) query in the URL?
For example, redirect the request to another page, like the 404 (not found) page.

I believe that dingo-d has it right, above, referring to the 301 redirect. I have installed 301 redirects on several WordPress sites to accomplish this. I redirect [domain]/?author=* with a wildcard to my 404 page. I have watched my activity logs before and after implementing this. The malicious login attempts immediately switch from valid user names to the generic "admin."

Add the following filter to your functions.php file:
add_action('template_redirect', 'disableAuthorUrl');
function disableAuthorUrl() {
    // Redirect any author archive request to the homepage.
    if (is_author()) {
        wp_redirect(home_url());
        exit();
    }
}
This will check all incoming requests to see if the page requested is an author page, and if so, redirect to the homepage, or wherever else you choose.
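An added example, not part of the original answers: one way to answer /?author=N with a 404 rendered in place, so that no Location header carrying the author slug is ever sent. WordPress core hooks redirect_canonical on template_redirect at the default priority (10), so this callback registers at priority 1 to run first; the function name example_block_author_id_query is hypothetical.

```php
<?php
// Added example, not code from the original page. Place in a theme's
// functions.php or a small plugin. The function name is hypothetical.

// Priority 1 runs before core's redirect_canonical (default priority 10),
// which is what turns /?author=1 into a 301 to /author/username.
add_action('template_redirect', 'example_block_author_id_query', 1);

function example_block_author_id_query() {
    // template_redirect only fires for front-end requests, so wp-admin
    // screens that use an author parameter are not affected.
    // Note: this blocks every front-end request carrying ?author=...;
    // narrow the check if the site legitimately uses that parameter.
    if (!isset($_GET['author'])) {
        return;
    }

    global $wp_query;
    $wp_query->set_404();   // mark the main query as "not found"
    status_header(404);     // send a 404 status instead of a 3xx redirect
    nocache_headers();      // keep caches from storing the response

    // Render the theme's 404 template at the requested URL.
    $template = get_404_template();
    if ($template) {
        include $template;
    } else {
        echo 'Not found';   // fallback when the theme has no 404 template
    }
    exit;
}
```

Pretty author archives such as /author/username are untouched by this callback; the is_author() check from the answer above still covers those if they should be hidden as well.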

Related

WordPress site: Apache redirect URI path

We have a WordPress site http://10.10.10.10/sitename/.
When the user enters a "string" in the search bar and hits enter, the request is sent to http://10.10.10.10/?s= and is thrown the default Apache index.html.
Expected behavior: The user should be sent to http://10.10.10.10/sitename/?s= instead of http://10.10.10.10/?s=
What are the possible ways to implement a redirect from /?s= to /sitename/?s=?
Thank you,
You have to use the wp_redirect() function of WordPress
$url = "http://10.10.10.10/sitename/?s=";
wp_redirect($url);
exit; // wp_redirect() does not stop execution on its own
Here is the WordPress documentation page of this function

how to redirect the user to Page 404 from URL

I have a PHP script that redirects the user to a specific page based on a record id (e.g. example.com/page.php?id=4)
My question is: How can I redirect the user to the 404 Error page if he types in the browser a record id that doesn't exist? (e.g. example.com/page.php?id=59542)
Although putting an id that doesn't exist in the DB shows no data, the user can still see the page template, but with empty data...
Thanks
Using if statements, check if there is such an ID in the database; if it does not exist, do:
header("Location: 404.php");
You can change 404.php to your 404 file location.
You should send a 404 header, and maybe display a custom not found page:
<?php
header("HTTP/1.0 404 Not Found");
include("404.php");
?>
You can create a page, (a complete page, with CSS, ...) and redirect to that page every 404.
Example: Look at what Google does https://www.google.com/adlkfjaoie43 they created a page to redirect to.

Redirect to 404 page or display 404 message?

I am using a cms, and file-not-found errors can be handled in different ways:
1. The page will not be redirected, but an error-msg will be displayed as content (using the default layout with menu/footer).
2. The page will be redirected to error.php (the page looks the same like 1. but the address changed)
3. The page will be redirected to an existing page, e.g. sitemap.php
Is there a method to be preferred in regards to search engines, or does this make no difference?
If it's not found, then you should issue a 404 page. Doing a redirect causes a 302 code, followed by a '200 OK', implying that there IS some content. A 404 flat out says "there is no file. stop bugging me".
Something like this would present a 404 page with proper header code:
<?php
if ($page_not_found) {
    // Send a real 404 status line; an arbitrary string is not a valid header.
    header('HTTP/1.1 404 Not Found', true, 404);
    include('your_404_page.php');
    exit();
}
Don't redirect.
Forget about search engines. If I type a URL in and make a small typo and you redirect me away, then I have to type the whole thing in again.
The page will not be redirected, but an error-msg will be displayed as content (using the default layout with menu/footer).
Try to make it clear it is an error page. It shouldn't look too much like a normal page.
The page will be redirected to error.php (the page looks the same like 1. but the address changed)
No. Really, really no.
The page will be redirected to an existing page, e.g. sitemap.php
There are a few redirect status codes in HTTP, none of them are "Not Found, but you might like this instead".

Return 404 if nonexistent page # PHP

I have a dynamic review system in place that displays 30 reviews per page, and upon reaching 30 reviews it is paginated. So I have pages such as
/reviews/city/Boston/
/reviews/city/Boston/Page/2/
/reviews/city/Boston/Page/3/
and so on and so forth
Unfortunately, Google seems to be indexing pages through what seems like inference - such as
/reviews/city/Boston/Page/65/
This page absolutely does not exist, and I would like to inform Google of that. Currently it displays a review page but with no reviews. I can't imagine this being very good for SEO. So, what I am trying to do is first check the # of results from my MySQL query, and if there are no results return a 404 and forward them to the home page or another page.
Currently, this is what I have.
if (!$validRevQuery) {
header("HTTP/1.0 404 Not Found");
header("Location: /index.php");
exit;
}
Am I on the right track?
You need to output the 404 status, and show a response body (= an error page) at the same time.
if (!$validRevQuery) {
http_response_code(404);
// output full HTML right here, like include '404.html'; or whatever
exit;
}
Note that you cannot use a redirect here. A redirect is a status code just as the 404 is. You can't have two status codes.
You cannot do both send a 404 status code and do a redirection (usually 3xx status code). You can only do one of them: Either send a 404 status code and an error document or respond with a redirection.
As Pekka suggests, the best option is to do a 404 status, and then put your 404 page code after that.
It is bad practice for SEO if you just 301 (redirect) the page because then the search engines will continue to visit the page in order to see if the redirect is still there.

PHP Redirect Headers Best Practices

I'm creating a PHP CMS and have some system pages like a 404 page, a maintenance page, and an unauthorized access page. When Page A isn't found, the CMS will redirect to the 404 page; if the user doesn't have access to Page B, it will redirect to the unauthorized access page, etc.
I'd like to use the proper status code in the header of each page, but I need clarification on how to handle the header/redirect. Do I put the 404 header on Page A and then redirect to the 404 page or do I put the 404 status on the 404 page itself? Also, if the latter is the correct answer, what kind of redirect should I use to get there, a 301 or a 302?
If a user arrives on page A and that page doesn't exist, then do not redirect: just send a 404 error code from page A -- and, to be nice for your user, HTML content indicating that the page doesn't exist.
This way, the browser (and it's even more true for crawlers!) will know that the page that is not found is page A, and not anything else you'd have tried to redirect to.
Same for other kinds of errors, btw: if a specific URL corresponds to an error, then the error code should be sent from that URL.
Basically, something as simple as this should be enough:
if ($page_not_found) { // set by your own lookup
    // A status line needs the protocol prefix to be a valid header.
    header("HTTP/1.1 404 Not Found");
    echo "some nice message that says the page doesn't exist";
    die;
}
(Well, you could output something nicer, of course; but you get the idea ;-) )
I'm not sure if redirecting is the best way of doing this. I'd rather use some built-in functionality that is included in the project.
If the data is not found, do not redirect the user to another page, just send him an error message, like "Hey, this site does not exist! Try another one" and so on.
And last but not least, you should build the code part from Pascal Martin's answer into the code.
I would do this in a function, and call it from a bootstrap or something with a similar behavior.
function show_error($type = "404", $header = true, $die = false)
{
    // Accept only a numeric status so $type cannot be turned into a file path.
    if (!ctype_digit((string) $type)) {
        $type = "404";
    }
    if ($header) {
        http_response_code((int) $type); // "404 Not Found" alone is not a valid header line
    }
    include $type . '.php'; // run the error page instead of echoing its source
    if ($die) {
        die;
    }
    // and so on...
}
