Randomized thank you page redirect with unique slug
Copy the following PHP code and create a PHP snippet using your snippet plugins. | |
Paste the code into the plugin and save it. | |
Change the page ID in both functions: function add_specific_rewrite_rule_for_thank_you_page() {
// Get the post ID for your thank-you page | |
$thank_you_page_id = YOUR PAGE ID; | |
and: function handle_thank_you_page_redirection() { | |
// Define the post ID for your thank-you page | |
$thank_you_page_id = YOUR PAGE ID; | |
Description | |
The snippet above redirects visitors to a WordPress thank-you page, generating a unique slug on every visit and securing
it with a nonce. After a form is submitted, the user is redirected to a dynamically generated URL that carries a unique
identifier. If the user tries to visit the same URL again, they are redirected to the home page. The implementation uses
transients to track visits and nonces to reject some unauthorized requests. Note that the revisit block lasts only as long
as the transient does (five minutes in the code below).
_______________________________- | |
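add_action('template_redirect', 'handle_thank_you_page_redirection');

/**
 * Gate the thank-you page behind a freshly issued "unique" slug and a nonce.
 *
 * Flow, as implemented below:
 *  1. A request for the page with no query arguments other than unique/nonce
 *     is sent to the home page.
 *  2. A request whose unique/nonce pair is missing or fails validation is
 *     redirected back to the page with the original arguments plus a new pair.
 *  3. A request with a valid pair is shown once; the slug is remembered in a
 *     transient for five minutes and repeat visits in that window go home.
 *
 * Limitations to keep in mind when deciding what to put on the page:
 *  - Step 2 issues a valid pair to any request that carries an extra query
 *    argument, so this is a convenience guard, not an authorization check.
 *  - For logged-out visitors a WordPress nonce is not bound to an individual
 *    visitor by default, so the nonce alone does not prove who submitted the form.
 *  - Once the five-minute transient expires, the same URL loads again for as
 *    long as the nonce is still accepted.
 *
 * @return void
 */
function handle_thank_you_page_redirection() {
    // Replace the placeholder with the numeric ID of your thank-you page.
    $thank_you_page_id = YOUR PAGE ID;

    if (is_admin()) {
        return;
    }

    // Page-builder previews skip the gate. Query parameters are chosen by the
    // visitor, so the preview flags are honoured only for logged-in users;
    // tighten this to a capability check if subscribers can log in on the site.
    $is_builder_preview = isset($_GET['elementor-preview']) || isset($_GET['bricks']);
    if ($is_builder_preview && is_user_logged_in()) {
        return;
    }

    if (!is_page($thank_you_page_id)) {
        return;
    }

    // Everything except the two system keys is treated as form data.
    $form_args = $_GET;
    unset($form_args['unique'], $form_args['nonce']);

    // No form data at all: probably opened by hand, so send the visitor home.
    if (empty($form_args)) {
        wp_safe_redirect(home_url(), 302);
        exit;
    }

    // Read the system keys as plain strings; array-valued parameters are rejected.
    $unique = (isset($_GET['unique']) && is_string($_GET['unique'])) ? wp_unslash($_GET['unique']) : '';
    $nonce  = (isset($_GET['nonce']) && is_string($_GET['nonce'])) ? sanitize_text_field(wp_unslash($_GET['nonce'])) : '';

    // Accept only the shape this handler issues (bin2hex of 8 random bytes).
    // An arbitrary client string would otherwise become part of a transient
    // name, and over-long names cannot be stored, which silently disables the
    // revisit guard.
    $unique_is_well_formed = (bool) preg_match('/\A[a-f0-9]{16}\z/', $unique);

    if (!$unique_is_well_formed || !wp_verify_nonce($nonce, 'thank_you_nonce')) {
        // add_query_arg() does not encode values, so encode the form data
        // first; otherwise characters such as "&" or "#" in a submitted value
        // would change the structure of the redirect URL.
        $query_args           = urlencode_deep(wp_unslash($form_args));
        $query_args['unique'] = bin2hex(random_bytes(8));
        $query_args['nonce']  = wp_create_nonce('thank_you_nonce');

        $new_url = add_query_arg($query_args, get_permalink($thank_you_page_id));
        wp_safe_redirect($new_url, 302);
        exit;
    }

    // Prevent revisit within the transient's lifetime.
    $visit_key = 'visited_' . $unique;
    if (get_transient($visit_key)) {
        wp_safe_redirect(home_url(), 302);
        exit;
    }

    set_transient($visit_key, true, 5 * MINUTE_IN_SECONDS);
}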
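add_action('init', 'add_specific_rewrite_rule_for_thank_you_page');

/**
 * Register a rewrite rule that maps "<page-slug>/<alphanumeric>/" to the thank-you page.
 *
 * The rule captures the trailing segment but the rewrite target does not
 * reference it, so the segment is not passed on as a query variable; the
 * redirect handler reads "unique" from the query string instead.
 *
 * The rule is registered on every request, including admin ones. Rewrite rules
 * are rebuilt from whatever is registered during the request that flushes
 * them, so skipping registration in the admin would drop this rule the next
 * time permalinks are saved there.
 *
 * @return void
 */
function add_specific_rewrite_rule_for_thank_you_page() {
    // Replace the placeholder with the numeric ID of your thank-you page.
    $thank_you_page_id = YOUR PAGE ID;

    $post = get_post($thank_you_page_id);
    if (!$post || $post->post_name === '') {
        // Unknown page, or no slug yet: there is nothing to build a rule from.
        return;
    }

    add_rewrite_rule(
        // Quote the slug so it is matched literally inside the pattern.
        '^' . preg_quote($post->post_name, '#') . '/([a-zA-Z0-9]+)/?$',
        'index.php?page_id=' . $thank_you_page_id,
        'top'
    );

    // Flushing is expensive, so do it once and record that in an option.
    if (!get_option('thank_you_page_rewrite_flushed')) {
        flush_rewrite_rules();
        update_option('thank_you_page_rewrite_flushed', true);
    }
}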