You could hook intop pre_comment_on_post: add_action( ‘pre_comment_on_post’, function(){ if ( empty ( $_SERVER[‘HTTP_REFERER’] ) ) exit; }); But … be aware, not all requests without an referer are actually spam posts. Some firewalls and proxies strip this field. And most automated spam comes with a Referer field filled with the name of the spammed domain. … Read more
With localhost, you need to make sure that your mod_rewrite is on. You can do this in your httpd.conf file in MAMP. MAMP > CONF > APACHE > ORIGINAL > httpd.conf. Uncomment this line: LoadModule rewrite_module modules/mod_rewrite.so
[answer updated as wanted] It’s better to hook your function to generate_rewrite_rules so you won’t have fall into infinite loops and flushing rewrite rule on every request. So you can do this: function add_my_rules($wp_rewrite) { $new_rules = array( ‘^cityprofile/\?city=(Sydeny|Melbourne|Brisbane)$’ => $wp_rewrite->preg_index(1) // for 3 cities ); $wp_rewrite->rules = $new_rules + $wp_rewrite->rules; } add_action(‘generate_rewrite_rules’, ‘add_my_rules’); and … Read more
Adding the [L] flag to the [NC,R=301] piece (ie, [NC,R=301,L]), which tells the RewriteEngine that the RewriteRule is the last one for the block of RewriteConds, apparently solved the problem. RewriteEngine on RewriteCond %{HTTP_HOST} name.com RewriteCond %{REQUEST_URI} ^/(1[0-9]{3}|200[0-9]|201[0-3]) RewriteCond %{REQUEST_URI} !/2013/12 RewriteRule ^([0-9]{4})/([0-9]{2})/(.*)$ http://v2.name.com/$1/$2/$3 [NC,R=301,L] # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule … Read more
You may also want to look into who the owner is of the folders as well as permissions. I’ve just recently completed setting up multiple WP sites on a local Ubuntu server & the majority of issues I ran into were permissions related. WordPress documentation for permissions: http://codex.wordpress.org/Changing_File_Permissions
I understand this isn’t exactly what you’re looking for but these hackers are most likely bots and redirecting them won’t matter at all. I suppose you could modify the below code if you reallllly wanted to but this will redirect anybody looking for an author back to your homepage. RewriteCond %{REQUEST_URI} ^/$ RewriteCond %{QUERY_STRING} ^/?author=([0-9]*) … Read more
More reliable will be allowing specific IP instead of domain using REMOTE_ADDR header. You can use HTTP_REFERRER header but it is not reliable. You can do it via using rest_authentication_errors filter. add_filter( ‘rest_authentication_errors’, ‘wpse150207_filter_incoming_connections’ ); function wpse150207_filter_incoming_connections( $errors ){ $allowed_ips = array( ‘127.0.0.1’ ); $request_server = $_SERVER[‘REMOTE_ADDR’]; if( ! in_array( $request_server, $allowed_ips ) ) return … Read more
You might have edited your .htaccess file in Windows notepad or text editor. If you did use Windows text editor then it must have added some special chars in .htaccess file and that will lead to 500 internal server error. Never edit in Windows text editor. Use notepad++ for editing .htaccess and .htpasswd files.
Based on your pastebin of the plugin code, the issue seems to be in the registration of the custom post type. The issue is on line 25. “Rewrite” should be set to true. <?php private $postTypeArgs = array( ‘public’ => true, ‘rewrite’=> false, ‘singular_label’ => ‘mydomainlist’, ‘publicly_queryable’ => true, ‘show_ui’ => true, ‘show_in_menu’ => true, … Read more
Turns out .htaccess was missing the following lines # uploaded files RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]