If your WordPress website has ever been hacked, you know there is still a lot of cleaning up to do after you have cleaned up the database and files and, of course, tightened your security, right?
In many cases, the hackers use the hacked website to inject spammy URLs containing pharmaceutical or other content on your website. Perhaps even more malicious code, but that’s for another post another day.
Cleaning up the hack, removing all the bad code and securing your website against future attacks is one thing. But what about the spammy URLs?
Fortunately, it is quite easy to make 301 redirects in WordPress, either manually by editing the .htaccess file or with the redirect feature in the WordPress SEO plugin by Yoast. Check out our comparison between Yoast and AIO SEO Pack.
The problem is that when you have been hacked and have thousands of bad URLs you want to redirect, doing it manually is a hassle.
So, I decided to create a solution that automatically creates a 301 redirect for 404 pages, and even cleans up the unused ones.
There are several ways this can be implemented, but for me, I just edited the 404.php page in my theme.
This means the first time a visitor (or robot) visits the URL, the 404 page is presented, as well as a 404 HTTP status. On any future visits to that URL, a 301 redirect is sent to the URL of your choice. Easy, right?
First visit http://domain.com/buy-pills-of-some-kind.html :
A 404 page is presented, and the code below creates a redirect that is then handled by the Redirection plugin in the future.
Second (and following) visits http://domain.com/buy-pills-of-some-kind.html :
A 301 redirect to the URL of your choice.
When you redirect 404 pages to the frontpage, you create what are called “soft 404s”. The best way to handle missing content is to redirect the URL to another related page instead of the frontpage of your website.
Warning: The following code can mess up your website if you do not know how to use it or understand the consequences. Please, be careful 🙂
Enough with the disclaimer, here is the code. If you do not have a 404.php file in your WordPress theme, create it.
The code is not pretty right now. Feel free to update as you see fit 🙂 Perhaps I will one day improve it when I have more time.
Crucial technical detail: The Redirection plugin runs and handles redirects before the 404.php template is called.
Under normal circumstances, I would have had to create a ton of redirects manually for the spammy URLs. By using this code the redirects were created automatically.
A few technical notes
Notice the last_count column? Rows with “0” mean the redirect has been created, but no subsequent visits have been made (yet) to that URL.
Rows with “1” mean the page has been accessed twice. The first visit just creates the redirect and presents a normal 404 page. On the second visit the redirect kicks in, and “last_count” is updated.
All of this is handled by the Redirection plugin… Thank you, John for the great plugin 🙂
Cleaning up old redirects
As you can imagine, there can quickly be a lot of redirects filling up in your database. The Redirection plugin monitors not only the number of redirects but also when the redirect was last accessed.
This means we can create a small piece of code that checks and deletes all redirects more than x days old.
I think 21 days (3 weeks) is a reasonable amount of time. The code below checks whether there are any redirects that have not been accessed/used in more than 21 days, and then removes them.
Let me repeat: Be very careful when you implement this. If you mess up you can set up redirect loops that prevent you and your visitors from accessing your website completely.
If you should be so unlucky as to create a redirect loop, you can fix the problem by using phpMyAdmin or a similar tool to access your database. Look for the table normally called “wp_redirection_items” (the wp_ part might differ).
The redirects are in there. You can locate the faulty redirect(s) here and remove them, restoring your website.
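The two database tasks described above (finding a redirect loop in wp_redirection_items and pruning redirects unused for 21 days), as an added MySQL example that is not the author's code. It assumes the default wp_ prefix, the Redirection plugin's columns url, action_data, action_type, last_access and group_id alongside last_count, and that simple redirects use action_type 'url' with the target stored in action_data; the id 0 is a placeholder.

```sql
-- Added example (MySQL). Assumed: wp_ prefix and the Redirection plugin's
-- columns url, action_data, action_type, last_count, last_access, group_id.

-- 1. Self-loops: the target ends with the rule's own source path, e.g. the
--    redirect target itself returned a 404 and got a rule pointing at itself.
--    Review the rows by eye; a suffix match can over-report.
SELECT id, url, action_data
FROM wp_redirection_items
WHERE action_type = 'url'
  AND RIGHT(action_data, CHAR_LENGTH(url)) = url;

-- 2. Two-rule loops: A redirects to B and B redirects back to A.
SELECT a.id AS first_id, a.url AS first_url,
       b.id AS second_id, b.url AS second_url
FROM wp_redirection_items AS a
JOIN wp_redirection_items AS b
  ON a.action_data = b.url AND b.action_data = a.url
WHERE a.action_type = 'url' AND b.action_type = 'url' AND a.id < b.id;

-- 3. Remove one faulty rule by primary key (0 is a placeholder id).
DELETE FROM wp_redirection_items WHERE id = 0;

-- 4. Preview redirects used at least once but not in the last 21 days.
--    Rows with last_count = 0 have never fired, so their last_access is not
--    a real visit time; they are left out here rather than deleted at once.
SELECT id, url, last_count, last_access
FROM wp_redirection_items
WHERE action_type = 'url'
  AND last_count > 0
  AND last_access < NOW() - INTERVAL 21 DAY
ORDER BY last_access;

-- 5. Delete what step 4 listed. This also matches hand-made redirects; if
--    the automatic ones live in their own group, add a group_id condition.
DELETE FROM wp_redirection_items
WHERE action_type = 'url'
  AND last_count > 0
  AND last_access < NOW() - INTERVAL 21 DAY;
```

Take a database backup before running either DELETE, and run the matching SELECT first to confirm which rows it will remove.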