Title: Query String Exploit (?)
Last modified: September 1, 2016

---

# Query String Exploit (?)

 *  [a9fc](https://wordpress.org/support/users/a9fc/)
 * (@a9fc)
 * [9 years, 11 months ago](https://wordpress.org/support/topic/query-string-exploit/)
 * _[ Moderator note: [moved to How-to and Troubleshooting](https://wordpress.org/support/topic/wheres-my-topic-gone?replies=1&view=all).]_
 * Hey,
 * This seems to be happening mostly to wordpress sites.
 * Incoming links starting with /? will show the main page instead of a 404, even
   if it was non-existent.
 * I’m not an expert and I might be interpreting wrongly, however it seems like 
   it has something to do with the way wordpress deals with permalinks?
 * So, xyz.com/?stupid-giant-dildo/ will still show xyz.com and cause your site 
   to start ranking for spam content on your front page.
 * I’ve had to resort to .htaccess workarounds that breaks various functionality
   of wordpress and its themes. I’m still looking for a permanent solution, but 
   if there’s something that needs to be fixed in wordpress itself, I hope it can
   be done soon.

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Moderator [Marius L. J.](https://wordpress.org/support/users/clorith/)
 * (@clorith)
 * [9 years, 10 months ago](https://wordpress.org/support/topic/query-string-exploit/#post-7551398)
 * Hi,
 * Anything appended after a question mark in an URL is considered a query argument,
   since it isn’t in use, WP discards it internally but anything on the front end
   it won’t touch (since it’s not the URL you visited, it’s just an argument, and
   any plugin or theme can add such sections to the URL).
 * This is where the canonical URL in the header of your site comes into play, it
   tells search engines “The page you are looking at right now, it really has this
   URL without the `?something-here` bit”.
 * This is not a WordPress problem though, and not something WordPress can fix, 
   that’s how URLs work, and you can append anything you’d like to any website really.
 *  Thread Starter [a9fc](https://wordpress.org/support/users/a9fc/)
 * (@a9fc)
 * [9 years, 10 months ago](https://wordpress.org/support/topic/query-string-exploit/#post-7551428)
 * I see, apologies for my ignorance, thanks for your patience.
 * Btw, the problem I have is [here](https://wordpress.org/support/topic/visual-editor-visual-tab-not-working-query-string-adjustment-required?replies=1).
   If you have the time and you’re familiar with the issue, could you point me in
   the right direction?
 * If not, then it’s ok, and again, thx for your time =)

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Query String Exploit (?)’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 2 replies
 * 2 participants
 * Last reply from: [a9fc](https://wordpress.org/support/users/a9fc/)
 * Last activity: [9 years, 10 months ago](https://wordpress.org/support/topic/query-string-exploit/#post-7551428)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics