Malware & Wordpress
-
Google has identified Malware on on eof our Wordpress sites. In webmaster tools it names the 10 pages where code has been injected.
I cant' find them easily via the WP dashboard and wondered if anyone had had any experience of this and what steps they took?
Plus are there any measure I can take to fight against this? The site is on the latest WP version.
Thanks,
Colin
-
Thanks Majid,
Sucuri Scanner looks good. I wonder if you had any experience of it?
If it can remove the malware as well as alerting me of any future hacks it would seem money well-spent.
Colin
-
Thanks Marie (and Dan and Majid),
I am going through the plugins and widgets now. I re-installed a clean version of the Theme too but not sure if I've done that too soon if the script is still there.
I can see the page titles in Webmaster Tools but cant' find the actual pages on the server to delete, in case that helps.
I will definitely look at the security suggestions and resources suggested. Thanks for the tips.
Marie I will PM you too if I may.
Thanks guys,
Colin
-
That would be ok if you use these plugin as well :
http://wordpress.org/extend/plugins/sucuri-scanner/
-
Colin
Any luck with this yet? I'd follow Marie's good advise and first be sure everything is updated. Then try these things to find it;
- Disable each plugin one by one and see if it goes away.
- Can you see the code when you view source or use a tools like browseo.net or shut off CSS? If you can see the location of the injected code you may be able to tell where it was inserted.
- If you can't see it viewing source or with browseo etc - try doing a Google cache: search and view in text only.
- Check your widgets.
- Check your .htaccess file
Once you find it definitely check out this document on securing wordpress.
Let us know how it goes.
-Dan
-
Definitely keep your plugins updated. Plus, if you use Timthumb on any of your sites, do some research on Timthumb vulnerabilities.
Make sure you change all of your wordpress passwords after cleaning up.
And, if you get hit again, despite your cleanup, hire a professional! I had a nasty job done on one of my sites. My host thought they'd fixed it and it came back. I hired sucuri.net to fix it and after 3 weeks they were no further ahead. I hired a professional guy (pm me for the name if you want to hire him) and it took him a while but he figured it out. Not all malware issues are that complicated though.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Amp page development issue
Hi everyone currently developing an amp version of my website it validates with no errors, however my <a name="blah"></a>some blah does not work for amp any ideas
Technical SEO | | livingphilosophy0 -
Wordpress vs. home grown directory
I just moved my blog from a wordpress hosted solution to my owner server and am really hopeful that all the SEO ready wordpress pages plus I downloaded Yoast SEO will move my site. I started with 9000 pages being moz indexed with tons of errors eyerywhere, I have almost fixed everything getting ready to do a google index. One question. I have a directory of businesses and events for my local mountain community that is home grown with about 200 pages. see here: http://www.destinationbigbear.com/directory/bigbeardirectory.aspx which has a PA of 21 which is the same as my DA 21 (I know terrible)... Should I migrate these 200 pages with images to wordpress to take advantage of all the nice SEO possibilities? I have staff and it would probably take about $600 bucks to do it. I would only have to put about ten 301's such as http://www.destinationbigbear.com/directory/contentcat.aspx?ParentID=7 would be http://www.destinationbigbear.com/big-bear-restaurants/ Thank you again to all, I am hopeful I can answer some questions in the future for people... I am learning alot! Nick
Technical SEO | | nickcargill0 -
Wordpress Woocomerce Recommended SEO URL structure
Hi Mozzers ! Thanks for looking. I have a new shop in development (http://www.vintageheirloom.biz), I'm now using WordPress & Woocommerce. I've asked Woocommerce whether it is possible to remove the 'shop' and 'product-category' categories. They say it is, but it isn't recommended, it can slow site speed & create possible duplicate pages. I'm wondering what seasoned SEO experts opinions are on my particular structure? I've heard that a flat structure is recommended, but ecommerce shops as I understand pose their own issues, so any feedback would be appreciated.. Here's some URL examples: http://vintageheirloom.biz/shop/bags/ - this for the category bags http://vintageheirloom.biz/product-category/bags/shoulder-bags/ - this for shoulder bags a child of bags category http://vintageheirloom.biz/shop/2-55-bags/vintage-chanel-caviar-skin-2-55-bag/ - a product The last URL contains the category 2-55 bags. The products name also includes the phrases 2-55 bag. Should this level of repetition be avoided or is it best to keep the whole phrase 'vintage-chanel-caviar-skin-2-55-bag/' for SEO purposes? Thanks for any help you can give me around this issue! Kevin
Technical SEO | | well-its-1-louder0 -
Wordpress Page vs. Posts
My campaigns are telling me I have some duplicate content. I know the reason but not sure how to correct it. Example site here: Bikers Blog is a "static page" referencing each actual "blog post" I write. This site is somewhat orphaned and about to be reconstituted. I have a number of other sites with a similar problem. I'm not sure how to structure the "page" so it only shows a summary of the blog post on the page not the whole post. Permalinks is set as "/%postname%/" I've posted on Wordpress.org with no answer. Since this is an SEO issue I thought maybe someone with WP experience could chime in. Thanks, Don
Technical SEO | | NicheGuy0 -
Wordpress Hatom problem
Hi, in Webmaster Tools i receive the following warnings: hatom-feedhatom-entry:Warning: At least one field must be set for HatomEntry.Warning: Missing required field "entry-title".Warning: Missing required field "updated".Warning: Missing required hCard "author".I googled a few strategies how to solve this problem but is it for SEO purpose really necessary to edit Theme core code to satisfy google's warnings?
Technical SEO | | reisefm0 -
Static site to wordpress - avoiding 301 redirects
Moving our static website to wordpress, pages currently end in the .htm extension and for reasons of me having to do all the moving myself and wanting to preserve link equity is there any way I can run the pages with a .htm extension in Wordpress? Tried using a plug-in by Daddy Design but it seems a bit hit and miss at times. I basically need to keep the url's the same as I will not be able to get the vast majority of my links altered to the new pages, plus I am doing this by myself!
Technical SEO | | Jon-C0 -
New Domain Page 7 Google but Page 1 Bing & Yahoo
Hi just wondered what other people's experience is with a new domain. Basically have a client with a domain registered end of May this year, so less than 3 months old! The site ranks for his keyword choice (not very competitive), which is in the domain name. For me I'm not at all surprised with Google's low ranking after such a short period but quite surprsied to see it ranking page 1 on Bing and Yahoo. No seo work has been done yet and there are no inbound links. Anyone else have experience of this? Should I be surprised or is that normal in the other two search engines? Thanks in advance Trevor
Technical SEO | | TrevorJones0 -
How do you manage Wordpress URL hierarchy with permalinks?
I have quite a few website in Wordpress but I continuously run into the same issue. With permalinks it is not recommended to use /%category%/%post_name%/ because it puts an undue load on your bandwidth, server and makes the crawler crawl a ton of duplicate content pages. On one site changing to that hierarchy even crashed some of the pages (probably a permissions error). I would like a correct information hierarchy, but this doesn't seem like correct play. What do you use as your URL hierarchy?
Technical SEO | | MarloSchneider
Do you have any plugins or fixes for this issue? Thanks0
