This is a repost from my old website.

If your WordPress website has ever been hacked, you know there is a lot of cleaning up to do after cleaning up the database, files and of course spiced up your security, right?

In many cases the hackers use the hacked website to inject spammy urls containing pharmaceutical or other content on your website. Perhaps even more malicious code, but thats for another post another day.

Spam urls you hate to see on your website.

Spam urls you hate to see on your website.

One thing is cleaning up the hack, removing all the bad code and securing your website for future attacks. But what about the spammy urls?

I use the excellent Redirection plugin by John Godley at urbangiraffe.com when I need to handle redirects. I have used it for years, its easy to use, stable and flexible.

The problem is when you have been hacked and have thousands of bad urls you want to redirect, it is a hassle to do manually.

So, I decided to create a solution that automatically creates a 301 redirect for 404 pages, and even cleans up the unused ones.

There are several ways this can be implemented, but for me I just edited the 404.php page in my theme.

This means the first time a visitor (or robot) visits the url, the 404 page is presented, as well as a 404 http status. On any future visits to that url, a 301 redirect is sent to the url of your choice. Easy, right?

First visit to http://domain.com/buy-pills-of-some-kind.html :

A 404 page is presented, and the code below creates a redirect that is then handled by the Redirection plugin in the future.

Second (and following) visits to http://domain.com/buy-pills-of-some-kind.html :

A 301 redirect to the url of your choice.

Voila 🙂

Warning: The following code can mess up your website if you do not know how to use it or understand the consequences. Please, be careful 🙂

Enough with the disclaimer, here is the code. If you do not have a 404.php file in your WordPress theme, create it.

The code is not pretty right now. Feel free to update as you see fit 🙂 Perhaps I will one day improve it when I have better time.

Important technical detail: The Redirection plugin runs and handles redirects before the 404.php template is called.

Spammy urls automatically redirected

Spammy urls automatically redirected

Under normal circumstances I would have had to create a ton of redirects manually for the spammy urls. By using this code the redirects were created automatically.

A few technical notes

Notice the last_count column? The ones that has “0”, means the redirect has been created, but no subsequent visits made (yet) to that url.

The ones with “1” means the page has been accessed twice. The first time just creates the redirect and presents a normal 404 page. The second time the redirect kicks in, and the “last_count” is updated.

All of this is handled by the Redirection plugin… Thank you John for the great plugin 🙂

Cleaning up old redirects

As you can imagine, there can quickly be a lot of redirects filling up in your database. The Redirection plugin monitors not only the number of redirects, but also when the redirect was last accessed.

This means we can create a small piece of code that checks and deletes all redirects more than x days old.

I think 21 days (3 weeks) is a reasonable amount of time. The code below checks if there are any redirects that have not been accessed/used in more than 21 days, and then just remove them.

Let me repeat: Be very careful when you implement this. If you mess up you can set up redirect loops that prevent you and your visitors from accessing your website completely.

If you should be so unlucky to create a redirect loop, you fix the problem by using PHPMyadmin or similar tool to access your database. Look for the table normally called “wp_redirection_items” (the wp_ part might differ).

The redirects are in there. You can locate the faulty redirect(s) here and remove them, restoring your website.

Error: Please enter a valid email address

Error: Invalid email

Error: Please enter your first name

Error: Please enter your last name

Error: Please enter a username

Error: Please enter a password

Error: Please confirm your password

Error: Password and password confirmation do not match