Ask your WordPress questions! Pay money and get answers fast! (more info)

Disable Access To Content Via Shortlink URL WordPress

  • SOLVED

Scenario:

When using custom permalinks you can create custom slug references for your posts and pages.

A page could be accessed via this made up permalink url: http://www.domain.com/semi-public-post

If you don't know the full permalink url, you would not be able to access the page if it is not mentioned anywhere.

Because you would not be aware of the location, provided it is not mentioned on the site, in a sitemap, archives, etc or indexed in some sort of way.

Only people with direct knowledge of the url or who would be redirected to this url could view the content... in theory.

But there is a WordPress loophole that could allow someone to search for this content by using the raw short link url.


For example, the above demo url could have the short link http://www.domain.com/?p=4

A few tries is all it would take to find the content, as you would be automatically redirected to the full demo url.


When you have custom permalinks enabled, can you turn off short link access functionality completely?

And if so, how can you include this disable function into a theme?

Answers (3)

2013-11-30

Fahad Murtaza answers:

OK here is the solution. Just add to functions.php


add_action('init', 'process_post');

function process_post(){
if(isset($_GET['p']) && $_GET['p']!='') {
wp_redirect(home_url());
exit();
}
}


Much simple and clean.


Edwin comments:

Thanks Fahd, works great!


Fahad Murtaza comments:

Hi Edwin, please use the latest code I just provided. Its concise!

2013-11-30

Dbranes answers:

Here is a modification of Fahd's code, that you could try:

function custom_redirect() {
if ( ! is_admin() && isset( $_GET['p'] ) )
{
wp_redirect( home_url( "/404/" ) );
exit;
}
}

add_action( 'template_redirect', 'custom_redirect', 9 );


where the action priority <em>10</em> is too late, so we use <em>9</em> instead.


Edwin comments:

Thank you Dbranes, this is also a working solution, much appreciated.

2013-11-30

Just Me answers:

IF you wanted to use .htaccess file you could check for the ?-mark and redirect to homepage or other page.