This section explains how to disable WordPress’ standard search function and return a 404 page.

If you don’t use the WordPress search function on your site, you should disable it.

The standard search function of WordPress has recently become the target of a hacking technique called SEO hacks, and there have been an increasing number of cases of huge noindexes being recorded in search consoles and other search engines.

Reference
WordPress Doctor Requested Case Study: Problem of massive noindex notifications in Google Search Console

The above cases do not necessarily mean that the site is infected with malware. However, depending on the theme and WordPress version, search engines may register the illegally generated search result pages.

If the WordPress search function is not used on your site, or if you have created your own search function, it is possible to stop the search function itself and return a 404 page.

Stop the WordPress search function and return a 404 page and 404 status code (non-existent page and notification)

You can completely stop the WordPress search function and return 404 pages and 404 status codes by copying and pasting the following code into your theme’s Functions.php.

function stop_wp_search($query)
{
if (is_search()) {
$query->set_404(); // set page 404
status_header(404); // return 404 status code
nocache_headers(); // do not use cache
}
}
add_filter('parse_query', 'stop_wp_search');

is_search() indicates that the page you are currently viewing is a search results page.
In the case of this page $query->set_404();status_header(404); returns a 404 page with status code 404.

You can also easily enable this functionality with a click with our security plugin we are developing.
Free] WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].

We hope you find this information helpful.