Spamming and Wordpress
-
Hi,
I have a Wordpress site for which I was ranking #1 for my main key phrase. Then I noticed that my site had plummeted in ranking. Investigating I found the cause to be a hacking issue where my code has lots of content for and backlinks to Viagra sites! How do I best work on retrieving my ranking and making sure that the site in question gets penalized?
-
thanks, Paul.
I am testing the "Wordfence" plug-in, and I was able to identify (and delete) a malware file. I should probably look for a more secure host as well.
Cheers
Bo
-
This plugin is really helpful for protecting your site:
Once you clean up, it should gain rankings back.
-
A good idea would be to change your passwords on a monthly basis and maybe ask your hosting company to see if there is anything they can do to stop your site from being hacked. Also ask them if they have any data on when your site was hacked.
A good hosting company will help you keep your site secure
-
Just a heads-up Bo - and really sorry to be a bearer of bad news, but fixing a WordPress hack like you're describing is almost never as easy as just deleting the code you see in headers. Like on virus-infected desktop computers, the malware often hides an additional payload of crapware that is capable of regenerating the spam links after a designated time period.
There are a number of different WordPress scanning services like http://sucuri.net/, as well as security-scanning plugins available. Be sure to use a couple of them (no one tool catches everything) to make sure you site is actually clean. In addition, monitor it carefully and repeatedly for the next several weeks to make sure the malware doesn't surreptitiously re-assert itself.
Lastly, make certain you have changed all ftp passwords for your site's server and that you are using strong, complex passwords. This is an easy vector of attack that many webmasters forget to secure. If possible, you should be using sFTP (secure ftp) for any work on your site as it encrypts ftp passwords where regular ftp sends them in the clear and so is extremely easy to hack.
Paul
-
Hi,
thanks for sharing! I found the code in the Header and deleted everything, so hopefully that should take care of the "clean-up" process, so I can start on the "small matter" of regaining my ranking. I'm in 50th at the moment, so at least I'm indexed!
cheers
-
Hey Bo, just thought I'd chime in here. I had a client's site get some kind of nasty code injection - pharma stuff like you're talking about. Happened a month or so ago. He was #1 for his keyphrase also, but as soon as the site was compromised, he dropped to page 4-5. Soon as I re-did the site and got it live his rankings came back.
Sooo...bad news and good news. I highly doubt your site is actually de-indexed (good news). The bad news is the amount of work you'll have to do. I completely wiped the root folder, deleted the DB, and re-built the wordpress site from scratch on a different theme/framework.
-
hi, thanks for the advice!
I will check Webmaster tools, and send a description of the issue. I´m sure you´re right regarding the penalty issue, I guess I just have to tighten security...
-
Most usually, your rankings will come back once you clean your site up. I'd recommend letting go of thoughts regarding penalties to site in question. There's really nothing that the ordinary mortal can do that will make that happen and if there was something that could be done, they'd be up and running the next hour with another site (which probably already is up and running.)
The big take away is: keep your wordpress up to date, delete your admin account, and set up an account with another username with a strong password.
-
Is your site listed in google wmt? if so is there any messages.
Ask for re-consideration and explain what happened
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
What's the best way for users to upload their images to my wordpress site to promote UGC
I have looked at lots of different plugins and wanted a recommendation for an easy way for patients of ours to upload pictures of them out partying and having fun and looking beautiful so future users can see the final results instead of sometimes gory or difficult to understand before and after images. I'd like to give them the opportunity to write captions (like facebook or insta posts and would offer them incentives to do so. I don't want it to be too complicated for them or have too many steps or barriers but I do want it to look nice and slick and modern. Also do you think this would have a positive impact on SEO? I was also thinking of a Q&A app where dentists could get Q&A emails and respond - i've been doing AMA sessions and they've been really successful and I would like to bring it into out site and make it native. Thanks in advance 🙂
Technical SEO | | Smileworks_Liverpool1 -
How to de-index a page with a search string with the structure domain.com/?"spam"
The site in question was hacked years ago. All the security scans come up clean but the seo crawlers like semrush and ahrefs still show it as an indexed page. I can even click through on it and it takes me to the homepage with no 301. Where is the page and how to deindex it? domain/com/?spam There are multiple instances of this. http://www.clipular.com/c/5579083284217856.png?k=Q173VG9pkRrxBl0b5prNqIozPZI
Technical SEO | | Miamirealestatetrendsguy1 -
How to force Wordpress to remove trailing slashes?
I've searched around quite a bit for a solution here, but I can't find anything. I apologize if this is too technical for the forum. I have a Wordpress site hosted on Nginx by WP Engine. Currently it resolves requests to URLs either with or without a trailing slash. So, both of these URLs are functional: <code>mysite.com/single-post</code> and <code>mysite.com/single-post/</code> I would like to remove the trailing slash from all posts, forcing mysite.com/single-post/ to redirect to mysite.com/single-post. I created a redirect rule on the server: ^/(.*)/$ -> /$1 and this worked well for end-users, but rendered the admin panel inaccessible. Somewhere, Wordpress is adding a trailing slash back on to the URL mysite.com/wp-admin, resulting in a redirect loop. I can't see anything obvious in .htaccess. Where is this rule adding a trailing slash to 'wp-admin' established? Thanks very much
Technical SEO | | james-tb0 -
Wordpress versus html and google ranking
My current SEO has always recommended that I take my site to wordpress. I really don't want to move to wordpress. I don't like it... I just like writing code in raw html, css, and script. I feel like I have more control that way. Wordpress just seems like a platform for blogs (I have my blog in wordpress). My question is, do wordpress websites typically rank better? Is there benefit to moving to it?
Technical SEO | | CalicoKitty20000 -
Wordpress Archive pages
In the SEOMOZ site report a number of errors were found. One of which was no or duplicate meta desctions on certain blog pages. When I drilled down to find these i noticed thosepages are the wordpress autocreated archive pages. When I searched for these through the wordpress control panel through both pages and blogs they were nowhere to be found. Does anyone know how to find these pages or are they not something I need to worry about?
Technical SEO | | laserclinics0 -
Duplicate content + wordpress tags
According to SEOMoz platform, one of my wordpress websites deals with duplicate content because of the tags I use. How should I fix it? Is it loyal to remove tag links from the post pages?
Technical SEO | | giankar0 -
Merged old wordpress site to new theme and have crazy amount of 4xx and duplicate content that wasn't there before?
URL is awardrealty.com We have a new website that we merged into a new wordpress theme. I just crawled the site with my seomoz crawl tool and it is showing a ridiculous amount of 4xx pages (200+) and we cant find the 4xx pages in the sitemap or within wordpress. Need some help? Am i missing something easy?
Technical SEO | | Mark_Jay_Apsey_Jr.0 -
Dealing with hundreds of spam pages caused by a hacker
A couple of my sites have recently been hacked with the hacker managing to overwrite lots of my pages with their own spam products and also adding in lots of (hundreds) pages that they have created themselves. I have rectified this in so far as removing folders that the hacker used to over write my pages so my original pages are now back showing the correct content and also removed all the hundres of new pages that they had managed to instantly add. I appreciate that google will find and re-crawl all my genuine pages so the correct content is being displayed and indexed for them but what is the best method for dealing with the hundreds of extra spam ages that google had managed to crawl but have now been deleted so there are loads of 404 page not founds in google?
Technical SEO | | Wardy0