Malware & Wordpress
-
Google has identified Malware on on eof our Wordpress sites. In webmaster tools it names the 10 pages where code has been injected.
I cant' find them easily via the WP dashboard and wondered if anyone had had any experience of this and what steps they took?
Plus are there any measure I can take to fight against this? The site is on the latest WP version.
Thanks,
Colin
-
Thanks Majid,
Sucuri Scanner looks good. I wonder if you had any experience of it?
If it can remove the malware as well as alerting me of any future hacks it would seem money well-spent.
Colin
-
Thanks Marie (and Dan and Majid),
I am going through the plugins and widgets now. I re-installed a clean version of the Theme too but not sure if I've done that too soon if the script is still there.
I can see the page titles in Webmaster Tools but cant' find the actual pages on the server to delete, in case that helps.
I will definitely look at the security suggestions and resources suggested. Thanks for the tips.
Marie I will PM you too if I may.
Thanks guys,
Colin
-
That would be ok if you use these plugin as well :
http://wordpress.org/extend/plugins/sucuri-scanner/
-
Colin
Any luck with this yet? I'd follow Marie's good advise and first be sure everything is updated. Then try these things to find it;
- Disable each plugin one by one and see if it goes away.
- Can you see the code when you view source or use a tools like browseo.net or shut off CSS? If you can see the location of the injected code you may be able to tell where it was inserted.
- If you can't see it viewing source or with browseo etc - try doing a Google cache: search and view in text only.
- Check your widgets.
- Check your .htaccess file
Once you find it definitely check out this document on securing wordpress.
Let us know how it goes.
-Dan
-
Definitely keep your plugins updated. Plus, if you use Timthumb on any of your sites, do some research on Timthumb vulnerabilities.
Make sure you change all of your wordpress passwords after cleaning up.
And, if you get hit again, despite your cleanup, hire a professional! I had a nasty job done on one of my sites. My host thought they'd fixed it and it came back. I hired sucuri.net to fix it and after 3 weeks they were no further ahead. I hired a professional guy (pm me for the name if you want to hire him) and it took him a while but he figured it out. Not all malware issues are that complicated though.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
GWT Fetch & Render displays desktop version of site as mobile
Hi team, I noticed that when I request a desktop rendering in GWT using fetch and render, pages render as the mobile version. Screenshot attached. It's related to the VHS units in our CSS (as far as I'm aware). Does anyone know what the implications of this may be? Does it mean googlebot can only see the mobile version of our website? Any help is appreciated. Jake jgScJ
Technical SEO | | Jacobsheehan0 -
Recommendation for SEO plugin for Wordpress
Dear Moz Community, Could I pick your brains on SEO plugins for WordPress? Our web developer has installed an SEO plugin called Yoast, and I am not quite sure of it's efficiency. The problem we have at the moment is that the Page Title is not updating on Google the way we anticipated. To solve this issue we unchecked forced rewrite under the title options, but this had no effect. For instance our name on Google appears as Man Van London all the time, despite any amendments we make it always has Man Van London at the start of the title. ( website: www.manvanlondon.co.uk) If Yoast is the best SEO plugin for wordpress, is there any solution to fix this issue? Or is anyone familiar with another plugin? Does anyone suggest to not use plugin's at all? Thank you for your time. Looking forward to your wisdom. Monica
Technical SEO | | monicapopa0 -
What are the SEO strengths & weaknesses of Magnolia CMS?
We are considering upgrading our Web eCommerce platform. Our current provider has just implemented Magnolia CMS into their Web store package. Do any of you have experience with this CMS and can you share your experiences and thoughts on whether or not it has any implications for SEO? Thanks!
Technical SEO | | danatanseo0 -
WWW wordpress multisite network for Main
I have a year old site with not many links, and my original intent was non www so http://rootdomain.com However, since its a subdomain multisite, I have received notice from google webmaster tools because of poor quality on one of my subsites.maindomain.com I do have the google account setup to be "root domain only" - however, i am still being penalized it seems. So should I convert my wordpress main site to use WWW. and modify my google webmaster/analytics profile, update my site links, etc. Or what do you suggest?
Technical SEO | | inllc0 -
Redirecting old domain to new domain with wordpress
Hi all, I need to change domain name to a website published on wordpress. I'd think to make these steps: trasferring the website (files+db) to a new hosting space to redirect old site (www.oldsite.com) to the new one (www.newsite.com) using rewrite rules. With these steps I'd need to transfer and reinstall files and wordpress so I would like to discover if there's some less time expending procedure to consider. Thanks and ciao Bob
Technical SEO | | bobrock40 -
SEO for Wordpress
I am sure you have been asked this many times... What is the BEST Wordpress Plug-in for SEO - Easy to Title Page, Meta Tags, etc... ?? Thanks
Technical SEO | | tab540 -
Understanding Duplicate Titles in Wordpress
I have duplicate title errors in Wordpress and I cannot pinpoint the problem. I have my blog set up so that the home page of the blog has the most recent posts. In my campaign report somehow the page directory is being found and I can't find any links on my blog to those pages. the errors are on pages that are like the following www.example.com/blog/page/13/ www.example.com/blog/page/14/ I am using Yoast and I thought I had it set up correctly. The other pages have the correct title and canonical tags, but he urls ending with page do not, but the page directory is duplicating the home page title. How or where can i fix this issue?
Technical SEO | | hfranz0 -
Using DNS & 301 redirects to gain control over a rogue site
I'd appreciate peoples' views on the following please. We have been approached by a client whose website does not rank # 1 for their own distinctive brand name due to this position being taken by a site they had developed for them by an affiliate some years back. The affiliate's site is clearly seen by Google as the definitive site for the brand - being older, having more links & in both Yahoo & DMOZ. The relationship has soured with the affiliate & the client wants to take control of the affiliate site & have it 301 redirect to the 'real' brand site. The affiliate won't cooperate (funny that). However whilst the client doesn't have control over the affiliate's website, they do own the domain. Given this, it seems that an option is to temporarily create a 1 page website on another server, change the affiliate website domain DNS settings to point to this, & in turn have that 301 re-direct to the client's website. This is a bit of a round about approach, but necessary because the affiliate won't directly 301 the site they control - despite the client owning it. (As I say the relationship has soured). If you think there's a better alternative approach to this problem (aside from litigation), I'd appreciate hearing it please. Thanks.
Technical SEO | | SureFire0