[wp-hackers] ref parameters and fake url

Stefano Aglietti steagl4ml at gmail.com
Thu Mar 27 07:57:20 GMT 2008

On Wed, 26 Mar 2008 10:59:47 -0700, "Aaron D. Campbell"
<aaron at xavisys.com> wrote:

>I feel like there is a communication problem here. However, as far as I 
>can tell (and I looked through the code), WordPress does NOT use the 
>'ref' URL parameter. However, some plugins DO use it. For example, 
>Firestats will use it as the referrer if it is present. This actually 
>surprised me a little, because it opens firestats up to referrer spam. 
>Basically, worst case scenario, you could have "recent referrers" linked 
>to on your site (using FireStats), and these people could get a link. 
>However, you shouldn't be doing this anyway.
>In any case, since WordPress doesn't use it, you would be safe to use 
>something like .htaccess to correct the URLs and pass a 301. Just keep 
>in mind that while WordPress will still work fine, some plugins may not.

Ok now it's all clear... infact i seached the code for ref ussage but
I didn't find nothing, then the only way is to filter it in .htaccess
if any plugin is using it.

Thanks a lot 


Stefano Aglietti - StallonIt on IRCnet - ICQ#: 2078431
Email: steve at 40annibuttati.it steagl at people.it
Sites: http://www.40annibuttati.it (personal blog)
       http://www.wordpress-it.it (WordPress Italia)

More information about the wp-hackers mailing list