
Pretty Search URLs (MU)

A WordPress Must-Use (MU) plugin that enables clean, SEO-friendly search URLs like /search/term while providing robust security protection against common web attacks.

Description

This plugin transforms WordPress search URLs from the default query parameter format (?s=searchterm) to clean, pretty URLs (/search/searchterm). It also includes comprehensive security measures to detect and block malicious search queries that could compromise your site.

Key features:

  • Converts search URLs to clean /search/term format
  • Automatically redirects old search query URLs to the new format
  • Protects against Directory Traversal, LFI/RFI, SQL Injection, XSS, and Command Injection attacks
  • Works as a Must-Use plugin for seamless integration

Installation

For Standard WordPress Installation:

  1. Download the cst.php file
  2. Upload it to your /wp-content/mu-plugins/ directory
  3. If the mu-plugins directory doesn't exist, create it
  4. Visit Settings > Permalinks in your WordPress admin and click "Save Changes" to flush rewrite rules

For WordPress Multisite:

  1. Download the cst.php file
  2. Upload it to your /wp-content/mu-plugins/ directory
  3. The plugin will automatically activate network-wide
  4. Visit Settings > Permalinks and click "Save Changes" to flush rewrite rules

Usage

Once activated, the plugin works automatically. Any search on your site will be redirected to the clean URL format:

  • Old format: https://yoursite.com/?s=wordpress
  • New format: https://yoursite.com/search/wordpress

The search functionality remains unchanged - this only improves the URL structure.

Security Features

The plugin blocks search terms that match patterns associated with the following attack classes:

Directory Traversal & File Inclusion Protection

Blocks attempts to access unauthorized files or directories:

  • ../, ..\, /etc/passwd, /proc/, etc.
  • PHP stream wrappers like php://filter, data://, file://
  • Remote file inclusion patterns like http://, https://

SQL Injection Protection

Detects and blocks common SQL injection attempts:

  • Quote marks (', ") used to break out of string literals
  • SQL comments (--, #, /*)
  • SQL keywords (SELECT, UNION, DROP, etc.)
  • Advanced techniques like time-based injections

Cross-Site Scripting (XSS) Protection

Prevents client-side script injection:

  • Script tags (<script>, </script>)
  • JavaScript protocols (javascript:)
  • Event handlers (onload=, onerror=, etc.)
  • HTML tags commonly used for XSS (<img>, <svg>, <iframe>)

Command Injection Protection

Blocks attempts to execute OS commands:

  • Command chaining operators (&, |, ;, &&, ||)
  • Command substitution patterns (`, $())
  • Common system commands (wget, curl, bash, python, etc.)

How It Works

  1. When a search is performed, the plugin intercepts the request
  2. It checks the search term against an extensive list of malicious patterns
  3. If malicious patterns are detected, it returns a 403 Forbidden response
  4. If the search term is clean, it redirects to the pretty URL format
  5. The clean URL is then processed normally by WordPress
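As an added illustration (not the repository's cst.php, whose source is not shown here), this is how the steps above map onto WordPress hooks: a rewrite rule for /search/<term>, a blocklist check on the decoded term, a 403 via wp_die(), and a 301 from the legacy ?s= form. The function name psu_example_is_malicious and the pattern list are assumptions built from the categories listed in this README.

```php
<?php
/*
 * Plugin Name: Pretty Search URLs (example rewrite)
 * Hypothetical illustration, not the project's cst.php. Drop into wp-content/mu-plugins/.
 */

// 1. Map /search/<term> onto WordPress's native search query var.
add_action( 'init', function () {
    add_rewrite_rule( '^search/([^/]+)/?$', 'index.php?s=$matches[1]', 'top' );
} );

// Patterns constructed from the README's categories (not the plugin's own list).
// Matched case-insensitively after URL decoding so %2e%2e%2f does not slip past.
function psu_example_is_malicious( string $term ): bool {
    $term     = rawurldecode( $term );
    $patterns = array(
        '#\.\.[\\\\/]|/etc/passwd|/proc/#i',                             // traversal / LFI
        '#\b(php|data|file|https?)://#i',                                // wrappers / RFI
        '#[\'"]|(--|/\*|\#)|\b(union|select|drop|sleep|benchmark)\b#i',  // SQL
        '#<\s*/?\s*(script|img|svg|iframe)|javascript:|\bon\w+\s*=#i',   // XSS
        '#[;&|`]|\$\(|\b(wget|curl|bash|python)\b#i',                    // command injection
    );
    foreach ( $patterns as $re ) {
        if ( preg_match( $re, $term ) ) {
            return true;
        }
    }
    return false;
}

// 2. Validate every search; redirect only requests that arrived as ?s=...
add_action( 'template_redirect', function () {
    if ( ! is_search() ) {
        return;
    }
    $term = (string) get_query_var( 's' );
    if ( '' === $term ) {
        return;
    }
    if ( psu_example_is_malicious( $term ) ) {
        error_log( 'psu: blocked search term from ' . ( $_SERVER['REMOTE_ADDR'] ?? '?' ) );
        wp_die( 'Forbidden', 'Forbidden', array( 'response' => 403 ) );
    }
    // The rewrite above does not populate $_GET['s'], so this branch only fires
    // for the legacy query-string form and cannot loop on the pretty URL.
    if ( isset( $_GET['s'] ) ) {
        wp_safe_redirect( home_url( '/search/' . rawurlencode( $term ) ), 301 );
        exit;
    }
} );
```

WordPress already parameterises the search query and escapes get_search_query() output, so this check is defence in depth rather than the primary control. Expect false positives on legitimate terms containing quotes or words such as "select", and review the log before relying on the block.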

License

This plugin is licensed under GPL-2.0-or-later. See the LICENSE file for details.

GitHub Repository

The project is hosted on GitHub: https://github.com/kianbabai/Pretty-Search-URLs

Author

Kian babaabady
