latro666

You can installed a plugin like WordFence which will give you live stats and other security tools. It could be you have a bot trying a brute force attack on your admin login.

Do you have Google analytics installed that might be useful.

Wow .asp not seen that in a while!

Basically WordPress has a permalinks system e.g. /about-us/ which is actually index.php?p=1

What you want to do is simply match your old file extension links to the new WP permalink with a 301 redirect e.g.
/about-us.asp would be 301 to /about-us

When you install WordPress your best bet is to install this plugin:
https://wordpress.org/plugins/redirection/

This provides a way in WordPress to setup your own 301 redirects. The .asp extension will not be a problem if you go with this route or want to get your hands dirty with .htaccess redirects.

For one client we use a plugin called press permit core with the additional collaborative editing module.

It allows you to create new types of user other than say editor and apply filters to what those types of use can edit.

We use it exactly as you describe we have users setup to only be able to add and edit content if that content is part of a specific category.

It takes a bit of configuration but shouldn’t be too bad to get the hang of.

Can add this to your wp-config.php file

define('WP_HOME', 'http://'.$_SERVER['HTTP_HOST']);
define('WP_SITEURL', 'http://'.$_SERVER['HTTP_HOST']);

It will override what you have set in the admin as the url.

Just take it out when sorted.

One approach would be to use custom fields. There is a plugin you could use for this called advanced custom fields.

Setup a basic text area box field maybe then add a form on the template which posts to its self e.g.

<?php
global $current_user;
get_currentuserinfo();
?>

<form method="post">
<input type="submit" name="mark attended" />
<input type="hidden" name="aid" value="<?php echo($post->ID) ?>" />
<input type="hidden" name="person" value="<?php echo($current_user->display_name) ?>" />
</form>

Then some post check code:

<?php
if(is_numeric($_POST['aid']) && $_POST['person'] != ''){
$meta = get_post_meta($_POST['aid']);
$update = $meta['YOUR CUSTOM FIELD NAME'] . ',' . $_POST['person'];
update_post_meta($_POST['aid'], 'YOUR CUSTOM FIELD NAME', $_POST['person']);
}

This is very basic example it would in theory give you a field in the post with all the names separated by comas.

there are much better/secure ways to handle the posting of the data and Advanced custom fields offers a user picker you could update but its probably a bit complex to go over in this.

You’ll want a way to stop duplicate posting, checking they are logged in first etc

Well if you go rid of those links then they will redirect to your 404 which will have the GA code on it.

I expect the spam files did not have your own GA code on there… You might want to build a better picture with logs, do you have AW stats on the server?

Not really a WP specific answer but have you tried:
http://php.net/manual/en/function.json-decode.php

Make amends using php and re-encode.

The links might still be out in the wild / registered on google.

Have you tried doing this in google:

site:www.yoursite.com
link:www.yoursite.com

this gives you all the links google has indexed on your site and all sites that are linking to you.

To cut the spam down you can always setup a htaccess rule to forward them on if they visit one of the links or series of links e.g. path includes /spqzssysys…

You could also setup 301 redirects on the folder or each link

You also have the option to setup a robots file for the folder to no-index.

If you have not installed Wordfence i’d also suggest giving that a go, find it to be a great security plugin.