I can't say what's behind this weird search query… but I'm curious why you'd think this has anything to do with Cloudflare at all. Your .htaccess file is something with your host, not Cloudflare.
It is attached to our domain name and shouldn't be there. It is shown as a page in the Google Search Console. Malicious injection, is just looking for the best way to find and remove.
I'd suggest a fast fix: temporarily create a WAF rule to either Block or Challenge any request trying to use the search on your WordPress website, where URI Query contains s=, for everyone.
Double-check and see how you're passing the string for search (if you've coded your theme) and if it's escaping some strings, trimming, etc.
Furthermore, check the Security → Events if the requests are still coming in.
Track & trace a bit, block by the IP address or user-agent string if you suspect this to be some kind of an attack.
You should be able to see the challenged or blocked event under the Security tab → Events at the Cloudflare dashboard for your zone and know exactly which security option was triggered.
Once you find them, click on a particular one to find more details about it (user-agent, IP, HTTP version…) and create WAF rules according to it for protection.
Obviously your search isn't filtered if anyone could enter this
Consider scanning your WordPress website for any possible malicious code or malware with Malcare, Wordfence, Sucuri or some other plugin for security.
Check comments, posts and pages, users for any unknown.
The ?s= is specifically the WordPress search parameter. So blocking this effectively blocks searching on the site.
If you have a small business site with only a handful of pages that doesn't really need search, this should be an effective solution. But if your site is a blog or a large site for which search is essential, you're going to get a lot of angry users (if your users are as vocal as mine are).
If you're letting Google index your site's internal search results pages (malicious or benign), you're doing it wrong and you need to fix that.
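
An added example, not part of any post in this thread: one way to "track & trace" the `?s=` requests from the origin's access log so that a WAF rule can target the offending IP or user-agent instead of blocking search for everyone. It assumes the Apache/Nginx "combined" log format and a simple heuristic (a search term containing a hostname or URL is treated as spam); the log lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" log format (not taken from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Mar/2024:10:00:01 +0000] "GET /?s=buy+cheap+pills+www.spam-example.test HTTP/1.1" 200 5120 "-" "BadBot/1.0"
203.0.113.7 - - [01/Mar/2024:10:00:02 +0000] "GET /?s=%E3%80%90casino%E3%80%91+spam-example.test HTTP/1.1" 200 5099 "-" "BadBot/1.0"
198.51.100.23 - - [01/Mar/2024:10:03:10 +0000] "GET /?s=contact+form HTTP/1.1" 200 4312 "https://example.test/" "Mozilla/5.0"
198.51.100.23 - - [01/Mar/2024:10:04:00 +0000] "GET /about/ HTTP/1.1" 200 2011 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Assumed heuristic: a search term carrying a hostname or URL is spam, not a
# real search. Legitimate terms such as "node.js" would also match, so review
# the output before turning it into a block rule.
HOSTLIKE_RE = re.compile(r'(https?://|www\.|\b[a-z0-9-]+\.[a-z]{2,}\b)', re.I)

def search_terms(target):
    """Return the decoded values of the WordPress ?s= parameter in a request target."""
    return parse_qs(urlsplit(target).query).get("s", [])

def suspicious_sources(log_text):
    """Count suspicious ?s= requests per (ip, user-agent) pair."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        if any(HOSTLIKE_RE.search(term) for term in search_terms(m["target"])):
            hits[(m["ip"], m["ua"])] += 1
    return hits

if __name__ == "__main__":
    for (ip, ua), n in suspicious_sources(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {ip}  {ua}")
```

The pairs it reports are candidates for an IP or user-agent WAF rule, which leaves ordinary site search working.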