greenweeds

OK the only way I can find to stop this until google ages it out – since ANY unrecognised/unfulfilled parameter will take you to the home page – is this:

1. Added this to .htaccess to remove the pages with the particular query string. Clunky but works

RewriteCond %{REQUEST_FILENAME} !^(.*)\.(css|js)$
RewriteCond %{QUERY_STRING} c=([a-z]+)
RewriteRule ^(.*)$ – [R=404,L]

2. Gone to google, looked in URL parameters, found parameter ‘c’ and told google not to crawl it in future

3. Manually submitted the 131 bad URLs remaining in google for removal.

Just have to wait for google to catch up and pray that there’s not some essential function that uses c as a query parameter….
Hope this helps someone.

Hi there, thanks for both these responses. What I’ve discovered so far:

• the hackers seem to have taken advantage of what I think is a bit of an oddity, if you add one of the url’s to ANY wordpress site it takes you to the home page. But obviously whilst the site was hacked, you would go to the spam page which is still listed in google … – an example is /c=autopzionebinarie&7cc=38 on the end of the home page URL.
• What this means is that I can’t ask google to delist the pages that are hacked – any of them – because it won’t let you delist a page that exists. And as the spam after cleaning takes you to the home page, I can’t get rid of them quickly from google. I can only hope they age out – IF it’s not still redirecting!
• Me, the Wordfence people and the hosting people have checked the .htaccess and it checks out fine. But you’re right it could have been a problem there…
• I do have Yoast SEO installed. I might try cleaning it out of the database as well as removing the plugin
• I’ll double check with the hosters now just in case

It looks a bit to me as though the hackers have spotted this oddity in WordPress and exploited it…. Grrrrrrr…. If I find the answer (or if anyone else does) I will post….
(In case I confuse anyone it’s not my own website that was hacked but a client’s)

Hello – just popping in to say I used to take advantage of the bug too! In one of my sites it seems I can still translate the address, but in one that I am currently developing I can’t unfortunately. In this case working in Welsh and English and I suspect we have the same ‘political’ problems as you have in Quebec with regard to using the correct address format.
The only thing I would say though is that I think it used to work better than you might think? The site that’s still working doesn’t have future events just now, but an old event can be seen here as an example

You are very welcome, my comments are genuine, I am very pleased with the work that you do with Content Views. Take care.

Thank you, this was the solution.
In case it helps anyone else, what I did in the end was use your suggestion but I created a custom version of pdb-record. If someone is logged into wordpress and uses the private id link to access the record page, then the publish-the-post link is shown, whereas if someone clicks on the private id link from their membership email, they are not logged in so they don’t get the publish link.
Works a treat, thanks!

Excellent thanks!
I will give this a try and report the (positive) news…
The extension is fab by the way… I’m looking forward to the oohs and aahs of admiration from our users (I wish….)