Malware & Wordpress
-
Google has identified Malware on on eof our Wordpress sites. In webmaster tools it names the 10 pages where code has been injected.
I cant' find them easily via the WP dashboard and wondered if anyone had had any experience of this and what steps they took?
Plus are there any measure I can take to fight against this? The site is on the latest WP version.
Thanks,
Colin
-
Thanks Majid,
Sucuri Scanner looks good. I wonder if you had any experience of it?
If it can remove the malware as well as alerting me of any future hacks it would seem money well-spent.
Colin
-
Thanks Marie (and Dan and Majid),
I am going through the plugins and widgets now. I re-installed a clean version of the Theme too but not sure if I've done that too soon if the script is still there.
I can see the page titles in Webmaster Tools but cant' find the actual pages on the server to delete, in case that helps.
I will definitely look at the security suggestions and resources suggested. Thanks for the tips.
Marie I will PM you too if I may.
Thanks guys,
Colin
-
That would be ok if you use these plugin as well :
http://wordpress.org/extend/plugins/sucuri-scanner/
-
Colin
Any luck with this yet? I'd follow Marie's good advise and first be sure everything is updated. Then try these things to find it;
- Disable each plugin one by one and see if it goes away.
- Can you see the code when you view source or use a tools like browseo.net or shut off CSS? If you can see the location of the injected code you may be able to tell where it was inserted.
- If you can't see it viewing source or with browseo etc - try doing a Google cache: search and view in text only.
- Check your widgets.
- Check your .htaccess file
Once you find it definitely check out this document on securing wordpress.
Let us know how it goes.
-Dan
-
Definitely keep your plugins updated. Plus, if you use Timthumb on any of your sites, do some research on Timthumb vulnerabilities.
Make sure you change all of your wordpress passwords after cleaning up.
And, if you get hit again, despite your cleanup, hire a professional! I had a nasty job done on one of my sites. My host thought they'd fixed it and it came back. I hired sucuri.net to fix it and after 3 weeks they were no further ahead. I hired a professional guy (pm me for the name if you want to hire him) and it took him a while but he figured it out. Not all malware issues are that complicated though.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
How do I best optimize my on-page SEO for a magazine-style wordpress theme?
My Wordpress website is set up with a magazine style theme (Newspaper). Maybe that's the issue overall here. Questions: 1) Pages vs Categories vs Posts I currently have a category with a few dozen posts under it. The category page itself has a ~1000 word article on it. It paginates every 10 posts or so at the bottom, but most of the page is duplicate because it's only swapping out a few links. Should I instead make the "category" a page with the posts childed under it? What's the best way to go about that? 2) Canonical and Pagination I get errors about a ton of duplicate content for paginated categories and my author page (all posts are under the admin account, which has ~40 pages or so. Every page is just a list of posts and it bitches about duplicate Titles and Descriptions on every one of the paginated posts). Should I canonical these back to the root author? Same question regarding pagination for categories, assuming I'm not going to be switching them to Pages. 3) Home Page Links Right now my home page just shows a few links to the top posts of all time. After that, it shows the 5 newest posts. On the sidebar it lists a few random pages/posts. There are also a few "category listings" which just shows random posts relevant to that category. Do I want something more static/structured? The navbar does list most main content pages under their appropriate category, but the home page itself is pretty much dynamic.
Technical SEO | | searchspot0 -
Recipe Wordpress Plugin - Structured Data?
We have been using this plugin for years: https://wordpress.org/plugins/ziplist-recipe-plugin/ and it appears that it's causing us serious problems in Google. So we're looking for either a new plugin or possible directions on if we should custom build an option into our site. Ultimately we're looking for the best setup for the Recipes on our site to obtain a Featured Snippet. Thank you!
Technical SEO | | FabulesslyFrugal0 -
Affiliate Url & duplicate content
Hi i have checked passed Q&As and couldn't find anything on this so thought I would ask.
Technical SEO | | Direct_Ram
I have recently noticed my URLS adding the following to the end: mydomain.com/?fullweb=1 I cant seem to locate where these URLS are coming from and how this is being created? This is causing duplicate content on google. I wanted to know ig anyone has had any previous experience with something like this? If anyone has any information on this it would be a great help. thanks E0 -
Redirect 301 & Wild Cards
Afternoon All! Question, I am having trouble getting my head around redirects and I am wondering if someone could help me on this.... We recently changed our website and although were using the same database, were using a different URL structure. So for example... Old URL siteurl.com/products/product/moredetails/merlin.id1553.html
Technical SEO | | scottiedog
New URL siteurl.com//vertigo/dl/product.php?p=1553 As you can see the product has the same ID number, just in a different directory. What I'd like to happen is.... If you go too siteurl.com////.idXXXX.html then you are 301'd too siteurl.com//vertigo/do/product.php?p=XXXX Obviously XXXX is the ID number of the product in our database. Any thoughts? I need help! Thanks in advance.0 -
How to fix Google index after fixing site infected with malware.
Hi All Upgraded a Joomla site for a customer a couple of months ago that was infected with malware (it wasn't flagged as infected by google). Site is fine now but still noticing search queries for "cheap adobe" etc with links to http://domain.com/index.php?vc=201&Cheap_Adobe_Acrobat_xi in web master tools (about 50 in total). These url's redirect back to home page and seem to be remaining in the index (I think Joomla is doing this automatically) Firstly, what sort of effect would these be having on on their rankings? Would they be seen by google as duplicate content for the homepage (moz doesn't report them as such as there are no internal links). Secondly what's my best plan of attack to fix them. Should I setup 404's for them and then submit them to google? Will resubmitting the site to the index fix things? Would appreciate any advice or suggestions on the ramifications of this and how I should fix it. Regards, Ian
Technical SEO | | iragless0 -
Removing a lot of content & changing url structure.
I recently moved an existing ecommerce site, which I recently purchased, from Volusion to Shopify. The new site has a completely different link structure. The old site also had about 120 products which are not even close to being up to par with the products I now have on the site. So I had to remove all of those pages too. I was just wondering which measures I need to take to deal with this? I created a really nice 404 page. I also 301 redirected the pages which still exist. But I was wondering if there is anything else I should do? Should I request a removal of all the old pages, which no longer exist? Should I do something else I'm not thinking about? Any help would be greatly appreciated. Thanks. jim
Technical SEO | | PedroAndJobu0 -
Http & https canonicalization issues
Howdyho I'm SEOing a daily deals site that mostly runs on https Versions. (only the home page is on http). I'm wondering what to do for canonicalization. IMO it would be easiest to run all pages on https. But the scarce resources I find are not so clear. For instance, this Youmoz blog post claims that https is only for humans, not for bots! That doesn't really apply anymore, right?
Technical SEO | | zeepartner0 -
Redirecting ?iframe=true&width=80%&height=80%
I have a extra page that google has indexed: www.jaaronwoodcountertops.com/?iframe=true&width=80%&height=80% Google has it listed as a page with duplicate content as my index page. I've tried to redirect it but the redirect isn't working on this one. Anyone have an idea of how to deal with this guy?
Technical SEO | | JAARON0