This tutorial explains two ways to “hide” the default URLs for USP Forms. These URLs are used when building your forms, but they are not really meant to be accessed directly by visitors. So in this tutorial we explain the details and show how to use a small snippet of .htaccess to redirect or block all requests for the default/direct USP Form URLs. Doing so can help to focus traffic and minimize duplicate content.

Question

Here is a question recently sent in by a user of USP Pro:

I have a “Member’s only” sub-page installed and want my USP Form only to be displayed for logged in users on this page. But it seems to me, that any visitor can visit the form through the permalink “http://example.com/usp_form/formname”. Am I wrong? And if not, how can I disable visitors to see the form through the permalink?

Let’s take a closer look at how this works..

Explanation

Before jumping to a solid solution, let’s look at the types of URLs that are used to display USP Forms. When you visit the WP Admin Area > USP Forms, you can preview any USP Form. So when you look at the form directly on the front-end of your site, the URL will look similar to one of the following (depending on whether or not WP Permalinks are enabled):

  • http://example.com/?usp_form=submit – when WP Permalinks are not enabled
  • http://example.com/usp_form/submit/ – when WP Permalinks are enabled

It is totally fine to use these direct URLs to display your forms to visitors, but it’s a much better idea to instead use the USP Form Shortcode. That way, you can display your forms on any WP Post or Page, so you have full control over the URL, title, and other content. When using the shortcode to display forms, there is no need to make the forms available via their default URLs. In fact, it’s probably best to hide them or block access to prevent duplicate content.

Solution

With that in mind, there are a couple of things you can do to prevent unwanted access to the default URLs for USP Forms. The easiest solution is to add the following line in your site’s robots.txt file:

Disallow: /usp_form/

That will keep obedient bots from crawling any of the default form URLs. But not all bots are obedient, and of course your visitors aren’t going to bother checking your site’s robots file before accessing the page.

So the most effective way to prevent unwanted access is to use a slice of .htaccess to simply block all requests for the default form URLs. Let’s look at how to do this for both cases: when WP Permalinks are enabled, and when WP Permalinks are not enabled.

Permalinks enabled

If permalinks are enabled, add the following line to your site’s root .htaccess file:

RedirectMatch 403 /usp_form/

That will block access to all default/direct form URLs without preventing the USP Form Shortcode from working. So you can continue to view/access the form via the shortcode if you need to edit or update the form. All users also will be able to access the form when it is displayed via the shortcode. Only direct access to the default form URLs will be blocked.

Or, if you would rather redirect all requests for the default form URLs, you can do this:

RedirectMatch 301 /usp_form/ http://example.com/wp-login.php

That will redirect the request to the specified URL. Feel free to customize as desired. You know, make it your homepage or URL where the form is displayed via shortcode.

Permalinks not enabled

If permalinks are not enabled, then you’ll need to target the query string, which requires a bit more code:

<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{QUERY_STRING} usp_form [NC]
	RewriteRule .* - [F,L]
</IfModule>

Add that to your site’s root .htaccess file and test thoroughly. As written, this technique will block all requests for the default USP Form URLs and return a 403 Forbidden response. If you would rather redirect all such requests to some URL, change the RewriteRule to the following:

RewriteRule .* /submit/ [L]

This will redirect the user to your “Submit” page. Customize the URL/path to suit your needs.