Xomox Redirect Audit — 2026-05-05 (post-launch +7 days)

Source of truth for redirects: Redirection plugin (v2.2.0) on production. Never .htaccess.

Data source: wp_s5masmo7u3_redirection_404 table on production (queried 2026-05-05). Plugin expire_404 is set to 7 days, so this captures roughly the entire window since launch (2026-04-28 → 2026-05-05).

Current state: - 3,194 distinct 404 hits logged - 71 active redirects already in place (most heavily hit: /contact-us/ 35, old service slugs 23, /about-us/ 17) - 400 redirect hits served

The previous dev (or G&M during launch prep) did most of the heavy lifting. This audit identifies what's still leaking.

Bucket A — Old-site URLs to redirect (high priority)

These are real pages from the prior xomoxjewelry.com site that still have inbound links / Googlebot indexing. Worth real destinations on the new site.

Source (404 path) Hits Suggested destination Notes
/services/repair-after-sales/appraisal/ 15 /services/repair-after-sales/ (parent) — confirm if "appraisal" is now folded into another sub-service or simply removed Other repair-after-sales children DO have redirects in place; this one was missed
/handcrafted-mountings/ 11 /services/private-client-bespoke/ or closest equivalent Old top-level page; check if there's a "mountings" portfolio category to land on
/laser_engraving/ 10 /services/production/laser-welding-polishing/ (which already redirects to /laser-welding/) — set this directly to /laser-welding/ to avoid a hop Note underscore in source — old slug format
/author/xomox_jewelry/page/2/ 10 /blog/ or /news/ — wherever the new news index lives, OR 410 it This is a WP author archive; the new site likely doesn't expose author archives at all
/rubber-molds/ 9 /services/production/precious-metal-casting/ (closest production-process match) Old top-level page about rubber-mold making
/business-integrity/ 4 /about/ Old standalone page
/piotr-in-2016-tcs-new-york-city-marathon/ 3 / (home) — consistent with other marathon posts already redirected to / One of several Piotr-marathon blog posts; the rest are already redirected to /
/news (no trailing slash) 3 Match wherever the news index lives on the new site (or /blog/ which already redirects to /) Confirm the canonical news/blog URL

Action: confirm the destination URLs with Eric, then add via Redirection plugin (Local first, then push to prod with explicit per-action approval).

Bucket B — Old uploaded image URLs (decision needed)

Googlebot has dozens of 2013–2016 /wp-content/uploads/YYYY/MM/...jpg URLs indexed. Top hitters: medal1_2.jpg (15), eternity_bands.jpg (15), pio_b10m.jpg (11), pio_q10.jpg (11), then a long tail.

Recommendation: don't add per-image redirects. Two reasons: (1) finding semantically equivalent new images is guesswork, (2) Google Image Search will deindex these naturally over a few months. If image search traffic to the old site was significant, Eric can call this out and we revisit.

One exception: if any of these image URLs are referenced in outbound content we control (press, social, partner links), redirect those individually.

Bucket C — Bot / scanner noise (drop, do not redirect)

The bulk of the 3,194 404s. Hacker / vulnerability scanners probing: - WordPress username enumeration: /?author=1, /?author=5 - Generic PHP shell probes: /admin.php, /wp.php, /abcd.php, /ioxi-o.php, /file.php, /info.php, /xxx.php, dozens more - Plugin/theme exploit probes: /wp-content/themes/seotheme/db.php?u, /plugins/content/apismtp/..., /ALFA_DATA/alfacgiapi/perl.alfa - Common backup/dev paths: /backup/, /old/, /wp/, /wordpress/, /new/, /blog/ (legitimate but already redirected to /) - iOS device probes: /apple-touch-icon.png, /apple-app-site-association (ignore unless Eric wants real touch icons added)

Action: none. These are low-cost 404s and any redirect we add would just give scanners a faster confirmation that the path resolves.

Optional: add a real apple-touch-icon.png to site root — small UX nicety, drops 6 daily 404s.

Bucket D — Real site bug (NOT a redirect issue)

/"/cdn.jsdelivr.net/npm/gsap@3.12.5/dist/ScrollTrigger.min.js (5 hits) and /"/cdn.jsdelivr.net/npm/gsap@3.12.5/dist/gsap.min.js (4 hits).

The leading /"/ prefix means the GSAP CDN URL is being emitted as a relative URL with extra quote/slash characters. Somewhere in the theme a <script src="…" tag is being built incorrectly. Likely related to the GSAP "selector not found" console warnings on home (Task #10).

Action: find and fix the malformed script tag. This is a code fix, not a redirect. Already filed as Task #10 in this session.

Bucket E — Other anomalies worth a quick look

Path Hits Note
/sitemap.xml.gz 3 If Yoast is generating only /sitemap_index.xml, fine to ignore. If Eric wants gzipped output, that's a Yoast setting.
/fonts/Ottawa.ttf 4 Theme references a font path that doesn't exist? Check css/general.css and CDN.
/wp-content/et-cache/ 4 Divi-era cache directory probe. Ignore.
/graphql, /api/graphql, /mcp 3-4 API exploration probes. Ignore.

Net redirect plan (proposed) — IMPLEMENTED 2026-05-05

8 redirects added to both local and prod Redirection plugin. All 8 verified 301'ing correctly on xomoxjewelry.com:

Source → Destination Verified
/services/repair-after-sales/appraisal/ /services/repair-after-sales/
/handcrafted-mountings/ /services/private-client-bespoke/
/laser_engraving/ /laser-welding/
/author/xomox_jewelry/page/2/ /
/rubber-molds/ /services/production/precious-metal-casting/
/business-integrity/ /about/
/piotr-in-2016-tcs-new-york-city-marathon/ /
/news /

Implementation gotchas (logged for next time): - Direct DB INSERT into wp_redirection_items requires populating match_url (the indexed lookup column), not just url. - With flag_trailing: true in redirection_options, match_url for trailing-slash sources must be stored without the trailing slash. The plugin normalizes during matching.

Open the Redirection plugin's "404s" tab in ~3 days to verify these specific 404s have stopped logging.

Re-pull this audit weekly for the first month, then monthly. Plugin retention is 7 days, so the data window is rolling.