Malware & Wordpress
-
Google has identified Malware on on eof our Wordpress sites. In webmaster tools it names the 10 pages where code has been injected.
I cant' find them easily via the WP dashboard and wondered if anyone had had any experience of this and what steps they took?
Plus are there any measure I can take to fight against this? The site is on the latest WP version.
Thanks,
Colin
-
Thanks Majid,
Sucuri Scanner looks good. I wonder if you had any experience of it?
If it can remove the malware as well as alerting me of any future hacks it would seem money well-spent.
Colin
-
Thanks Marie (and Dan and Majid),
I am going through the plugins and widgets now. I re-installed a clean version of the Theme too but not sure if I've done that too soon if the script is still there.
I can see the page titles in Webmaster Tools but cant' find the actual pages on the server to delete, in case that helps.
I will definitely look at the security suggestions and resources suggested. Thanks for the tips.
Marie I will PM you too if I may.
Thanks guys,
Colin
-
That would be ok if you use these plugin as well :
http://wordpress.org/extend/plugins/sucuri-scanner/
-
Colin
Any luck with this yet? I'd follow Marie's good advise and first be sure everything is updated. Then try these things to find it;
- Disable each plugin one by one and see if it goes away.
- Can you see the code when you view source or use a tools like browseo.net or shut off CSS? If you can see the location of the injected code you may be able to tell where it was inserted.
- If you can't see it viewing source or with browseo etc - try doing a Google cache: search and view in text only.
- Check your widgets.
- Check your .htaccess file
Once you find it definitely check out this document on securing wordpress.
Let us know how it goes.
-Dan
-
Definitely keep your plugins updated. Plus, if you use Timthumb on any of your sites, do some research on Timthumb vulnerabilities.
Make sure you change all of your wordpress passwords after cleaning up.
And, if you get hit again, despite your cleanup, hire a professional! I had a nasty job done on one of my sites. My host thought they'd fixed it and it came back. I hired sucuri.net to fix it and after 3 weeks they were no further ahead. I hired a professional guy (pm me for the name if you want to hire him) and it took him a while but he figured it out. Not all malware issues are that complicated though.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Can Page Content & Description Have Same Content?
I'm studying my crawl report and there are several warnings regarding missing meta descriptions. My website is built in WordPress and part of the site is a blog. Several of these missing description warnings are regarding blog posts and I was wondering if I am able to copy the first few lines of content of each of the posts to put in the meta description, or would that be considered duplicate content? Also, there are a few warnings that relate to blog index pages, e.g. http://www.iainmoran.com/2013/02/ - I don't know if I can even add a description of these as I think they are dynamically created? While on the subject of duplicate content, if I had a sidebar with information on several of the pages (same info) while the content would be coming from a WP Widget, would this still be considered duplicate content and would Google penalise me for it? Would really appreciate some thoughts on this,please. Thanks, Iain.
Technical SEO | | iainmoran0 -
Duplicate Post Titles in WordPress with
Hi, First off, this is a WordPress specific question. we migrated a site into WordPress, with hundreds of long articles that are split into 3 or 4 pages each. Each of these articles was entered as an individual post, split into different pages using the tag. We're using the yoast seo plugin. The problem then is that each of the pages gets the same title and meta description. Has anyone a good solution to differentiate the pages? Thanks,
Technical SEO | | Andybod1 -
Help with Rel Canonical on Wordpress?
Crawl Diagnostics is showing a lot of Rel Canonical warnings, I've installed Wordpress SEO by Joose De Valk and Home Canonical URL plugins without success. Any ideas? I'm getting a lot of URL's that I thought I blocked from being indexed, such as author pages, category pages, etc. I'm also getting stuff like "recessionitis.com/?homeq=recent" and "recessionitis.com/page/2/", those pages are similar to my homepage. I thought those plugins were suppose to automatically clean things up.. anyone use these plugins that have any helpful hints?
Technical SEO | | 10JQKAs0 -
WordPress E-Commerce Plugin Duplicate Content Problem
I am working on a wordpress website that uses the WP E-Commerce plugin. I am using the Yoast seo plugin but not totally familiar with it. I have noticed that WP E-Commerce creates duplicate content issues. Here's an example: http://www.domain.com/parent-category/product-url-1/ is the same content as http://www.domain.com/parent-category/child-category/product-url-1/. I was wondering which of these following options are the best solution: 1. 301 redirect the multiple instances to one page
Technical SEO | | theanglemedia
2. noindex all but one instance
3. Use the canonical tag (i've used this tag before for telling SE's to use the www version of a page but not sure if it's the appropriate for this)
4. a combination of one of these 3 options? Thanks in advance!0 -
Wordpress Problems.. SEO-Yoast is Toast?
Hello; I have installed the WP Yoast Widget in my Blog, and 2 weeks, after my issues went away, they came back X's 300! lol So I uninstalled it, and my issues obviously got worse, and then I re-activated, and reset everything, and still got the 300+ issues. Is there a secondary plug in you would suggest, to run at the same time as Yoats, or theat will fix all issues? Ever think of making an SEOmoz Widget for WP since it is gaining so much popularity?? Thank you Great work by the way! Loved the Webinar today!
Technical SEO | | smstv0 -
Using Canonical URLs option in Platinum SEO for Wordpress
SEOMOZ says that my site has 150 <a title="Click for Help!">Canonical URLs and lists that as a potential problem. It's a check box in the settings for Platinum SEO and here is the description it provides:</a> <a title="Click for Help!">Choose this option to set up canonical URLs for your Home page, Single Post, Category and Tag Pages.</a> I have the option engaged. So I was trying to figure out the best thing to do. I have already instructed it to automatically make 301 redirects for any permalink changes and have instructed it to "noindex" tag archives,rss comment feeds, and rss feeds. I've only been doing this for about a year and am really confused right now. After reading most of your posts about the subject I have a much better understanding, but still very confused. Help..Please...
Technical SEO | | pressingtheissue0 -
Iframes & SEO
I've got a client that wants a site with all content in iFrames. They saw another site they liked & asked if we could do it. Of course we can technically. How big a negative hit would they take with SEO? Is there anything we can do to mitigate it, such as redirects, etc? Thanks for the help!
Technical SEO | | wcksmith0 -
SEO friendly way to move a wordpress installation
Hi Mozzers I am working with a client who currently has 2 wordpress installations on their site - one is in the root domain and one is in a subdirectory /hub which is where the majority of their content is. They want to move all of their content over from the /hub directory into the root installation. Any ideas of the most SEO friendly way to do this? Thanks for any suggestions.
Technical SEO | | beva0
