Spamming and Wordpress
-
Hi,
I have a Wordpress site for which I was ranking #1 for my main key phrase. Then I noticed that my site had plummeted in ranking. Investigating I found the cause to be a hacking issue where my code has lots of content for and backlinks to Viagra sites! How do I best work on retrieving my ranking and making sure that the site in question gets penalized?
-
thanks, Paul.
I am testing the "Wordfence" plug-in, and I was able to identify (and delete) a malware file. I should probably look for a more secure host as well.
Cheers
Bo
-
This plugin is really helpful for protecting your site:
Once you clean up, it should gain rankings back.
-
A good idea would be to change your passwords on a monthly basis and maybe ask your hosting company to see if there is anything they can do to stop your site from being hacked. Also ask them if they have any data on when your site was hacked.
A good hosting company will help you keep your site secure
-
Just a heads-up Bo - and really sorry to be a bearer of bad news, but fixing a WordPress hack like you're describing is almost never as easy as just deleting the code you see in headers. Like on virus-infected desktop computers, the malware often hides an additional payload of crapware that is capable of regenerating the spam links after a designated time period.
There are a number of different WordPress scanning services like http://sucuri.net/, as well as security-scanning plugins available. Be sure to use a couple of them (no one tool catches everything) to make sure you site is actually clean. In addition, monitor it carefully and repeatedly for the next several weeks to make sure the malware doesn't surreptitiously re-assert itself.
Lastly, make certain you have changed all ftp passwords for your site's server and that you are using strong, complex passwords. This is an easy vector of attack that many webmasters forget to secure. If possible, you should be using sFTP (secure ftp) for any work on your site as it encrypts ftp passwords where regular ftp sends them in the clear and so is extremely easy to hack.
Paul
-
Hi,
thanks for sharing! I found the code in the Header and deleted everything, so hopefully that should take care of the "clean-up" process, so I can start on the "small matter" of regaining my ranking. I'm in 50th at the moment, so at least I'm indexed!
cheers
-
Hey Bo, just thought I'd chime in here. I had a client's site get some kind of nasty code injection - pharma stuff like you're talking about. Happened a month or so ago. He was #1 for his keyphrase also, but as soon as the site was compromised, he dropped to page 4-5. Soon as I re-did the site and got it live his rankings came back.
Sooo...bad news and good news. I highly doubt your site is actually de-indexed (good news). The bad news is the amount of work you'll have to do. I completely wiped the root folder, deleted the DB, and re-built the wordpress site from scratch on a different theme/framework.
-
hi, thanks for the advice!
I will check Webmaster tools, and send a description of the issue. I´m sure you´re right regarding the penalty issue, I guess I just have to tighten security...
-
Most usually, your rankings will come back once you clean your site up. I'd recommend letting go of thoughts regarding penalties to site in question. There's really nothing that the ordinary mortal can do that will make that happen and if there was something that could be done, they'd be up and running the next hour with another site (which probably already is up and running.)
The big take away is: keep your wordpress up to date, delete your admin account, and set up an account with another username with a strong password.
-
Is your site listed in google wmt? if so is there any messages.
Ask for re-consideration and explain what happened
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
How to force Wordpress to remove trailing slashes?
I've searched around quite a bit for a solution here, but I can't find anything. I apologize if this is too technical for the forum. I have a Wordpress site hosted on Nginx by WP Engine. Currently it resolves requests to URLs either with or without a trailing slash. So, both of these URLs are functional: <code>mysite.com/single-post</code> and <code>mysite.com/single-post/</code> I would like to remove the trailing slash from all posts, forcing mysite.com/single-post/ to redirect to mysite.com/single-post. I created a redirect rule on the server: ^/(.*)/$ -> /$1 and this worked well for end-users, but rendered the admin panel inaccessible. Somewhere, Wordpress is adding a trailing slash back on to the URL mysite.com/wp-admin, resulting in a redirect loop. I can't see anything obvious in .htaccess. Where is this rule adding a trailing slash to 'wp-admin' established? Thanks very much
Technical SEO | | james-tb0 -
Does my "spam" site affect my other sites on the same IP?
I have a link directory called Liberty Resource Directory. It's the main site on my dedicated IP, all my other sites are Addon domains on top of it. While exploring the new MOZ spam ranking I saw that LRD (Liberty Resource Directory) has a spam score of 9/17 and that Google penalizes 71% of sites with a similar score. Fair enough, thin content, bunch of follow links (there's over 2,000 links by now), no problem. That site isn't for Google, it's for me. Question, does that site (and linking to my own sites on it) negatively affect my other sites on the same IP? If so, by how much? Does a simple noindex fix that potential issues? Bonus: How does one go about going through hundreds of pages with thousands of links, built with raw, plain text HTML to change things to nofollow? =/
Technical SEO | | eglove0 -
Duplicate content. Wordpress and Website
Hi All, Will Google punish me for having duplicate blog posts on my website's blog and wordpress? Thanks
Technical SEO | | Mike.NW0 -
How can I Style Long "List Posts" in Wordpress?
Hi All, I have been working on a list-post which spans over 100 items. Each item on the list has a quick blurb to explain it, an image and a few resource links. I am trying to find an attractive way to present this long list post in Wordpress. I have seen several sites with long list posts however; they place their items one on top of the other which yields a VERY long page and the end user has to do a lot of scrolling. Others turn their lists into slideshows, but I have no data on how slides perform against 10-mile-long-lists which load in 1 page. I would like to do something similar to what List25.com does as they present about 5-10 items per page and they seem to have pagination. The pagination part I understand however; is there a shortcode plugin to format lists in an attractive way just like list25?
Technical SEO | | IvanC0 -
Removing Media from Wordpress
I've run the seomoz on page report and found an interesting issue. I'm using wordpress and it seems that every picture I add to my articles seem to be added as separate pages to the site. I'm having to go to each and every picture and creating a meta tag and description to it. I still get duplicate content issues with the same. On my Disqus system, I get the same pictures added just as a page or article would look like. What can I do to avoid this?
Technical SEO | | emasaa0 -
What is the best way to remove and fight back backlink spam?
Removing low quality and spam backlinks. What is the most effective clean-up process?
Technical SEO | | matti_wilson0 -
BEST Wordpress Robots.txt Sitemap Practice??
Alright, my question comes directly from this article by SEOmoz http://www.seomoz.org/learn-seo/robotstxt Yes, I have submitted the sitemap to google, bing's webmaster tools and and I want to add the location of our site's sitemaps and does it mean that I erase everything in the robots.txt right now and replace it with? <code>User-agent: * Disallow: Sitemap: http://www.example.com/none-standard-location/sitemap.xml</code> <code>???</code> because Wordpress comes with some default disallows like wp-admin, trackback, plugins. I have also read other questions. but was wondering if this is the correct way to add sitemap on Wordpress Robots.txt http://www.seomoz.org/q/robots-txt-question-2 http://www.seomoz.org/q/quick-robots-txt-check. http://www.seomoz.org/q/xml-sitemap-instruction-in-robots-txt-worth-doing I am using Multisite with Yoast plugin so I have more than one sitemap.xml to submit Do I erase everything in Robots.txt and replace it with how SEOmoz recommended? hmm that sounds not right. User-agent: *
Technical SEO | | joony2008
Disallow:
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-login.php
Disallow: /wp-content/plugins
Disallow: /wp-content/cache
Disallow: /wp-content/themes
Disallow: /trackback
Disallow: /comments **ERASE EVERYTHING??? and changed it to** <code> <code>
<code>User-agent: *
Disallow: </code> Sitemap: http://www.example.com/sitemap_index.xml</code> <code>``` Sitemap: http://www.example.com/sub/sitemap_index.xml ```</code> <code>?????????</code> ```</code>0
