Redirect Spam Query String URLs Created After Hack

One of my sites was hacked and after that thousands of urls were showing up.

I want to edit my htaccess so that all urls that have /?x= are redirected to page without the query string.

Read More

The site is a word press site so cant redirect all urls with a query string or the site stops working properly.

Basically I need:

www.example.com/?x=spamurl

to redirect to

www.example.com

and any deep page that includes ?x=

www.example.com/category/?x=spamurl

to redirect to

www.example.com/category/

This is my current htaccess

   # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    RewriteCond %{QUERY_STRING} x=
    RewriteRule ^$ http://www.example.com/? [R=301,L]
    </IfModule>

    # END WordPress

As you can see I have managed to get any url with ?x= after the main url to redirect to the main page but I cant figure out how to do this when ?x= shows after category pages etc..

Is there coding that can redirect ALL urls that include ?x= to a 404 page without causing an issue for wordpress files?

Many Thanks

Scott

Related posts

Leave a Reply

1 comment

  1. You need to move your redirect rules to before your wordpress rules. You also need to match any incoming URI:

    RewriteCond %{QUERY_STRING} ^(.*)(^|&)x=[^&]+(.*)$
    RewriteRule ^(.*)$ /$1?%1%3 [R=301,L]
    
    # BEGIN WordPress
    etc...
    

    This will remove only the x=something parameter, and if you have other parameters before or after, those are preserved.