Malware & Wordpress
-
Google has identified Malware on on eof our Wordpress sites. In webmaster tools it names the 10 pages where code has been injected.
I cant' find them easily via the WP dashboard and wondered if anyone had had any experience of this and what steps they took?
Plus are there any measure I can take to fight against this? The site is on the latest WP version.
Thanks,
Colin
-
Thanks Majid,
Sucuri Scanner looks good. I wonder if you had any experience of it?
If it can remove the malware as well as alerting me of any future hacks it would seem money well-spent.
Colin
-
Thanks Marie (and Dan and Majid),
I am going through the plugins and widgets now. I re-installed a clean version of the Theme too but not sure if I've done that too soon if the script is still there.
I can see the page titles in Webmaster Tools but cant' find the actual pages on the server to delete, in case that helps.
I will definitely look at the security suggestions and resources suggested. Thanks for the tips.
Marie I will PM you too if I may.
Thanks guys,
Colin
-
That would be ok if you use these plugin as well :
http://wordpress.org/extend/plugins/sucuri-scanner/
-
Colin
Any luck with this yet? I'd follow Marie's good advise and first be sure everything is updated. Then try these things to find it;
- Disable each plugin one by one and see if it goes away.
- Can you see the code when you view source or use a tools like browseo.net or shut off CSS? If you can see the location of the injected code you may be able to tell where it was inserted.
- If you can't see it viewing source or with browseo etc - try doing a Google cache: search and view in text only.
- Check your widgets.
- Check your .htaccess file
Once you find it definitely check out this document on securing wordpress.
Let us know how it goes.
-Dan
-
Definitely keep your plugins updated. Plus, if you use Timthumb on any of your sites, do some research on Timthumb vulnerabilities.
Make sure you change all of your wordpress passwords after cleaning up.
And, if you get hit again, despite your cleanup, hire a professional! I had a nasty job done on one of my sites. My host thought they'd fixed it and it came back. I hired sucuri.net to fix it and after 3 weeks they were no further ahead. I hired a professional guy (pm me for the name if you want to hire him) and it took him a while but he figured it out. Not all malware issues are that complicated though.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Site Architecture & URL length
Hello SEO Folks, Wanting to have an expert advice on which one we should give preference. We understand a well put-together site architecture is one of the major factor ranking factor. In the other hand shorter URL also an important factor. Since our site aim to have many pages and destination wise product pages, in order to have shorter URL we avoid to follow the best site structure. in our site a product page do not have the right path to have right architecture, would it hurt our DA ? Thanks in advance John Adventure Emirates
Technical SEO | | Johnauh0 -
Image & Video Sitemaps - Submitted vs. Indexed
Hi Mozzers, I have read all the relevant blogs from media indexing experts like Phil Nottingham and have followed Google's best practice as well as advice from similar discussions on here. We have submitted video and image sitemaps to WT, and the image sitemap has 33 indexed from 720 submitted images, and the video 170 indexed from 738 submitted. With the image sitemap the number (33) has remained steady while the submitted has grown by over 100 in the last month. The video has shown signs of indexing new videos however but still not the amount that were submitted. Thus far, I have followed the guidelines sitemap structure as per Google. We are using Cloudfront so I have added and verified our cloudfront server in the same WT account. If anyone has any advice, it would be most appreciated. There is no duplicate content and the robots.txt is not blocking anything within the sitemap. Image sitemap: view-source:http://www.clowdy.com/sitemap.images.xml
Technical SEO | | Morrreau0 -
How do I add "noindex" or "nofollow" to a link in Wordpress
It's been a while since I've SEOed a Wordpress site. How do I add "nofollow" or "noindex" to specific links? I highlight the anchor text in the text editor, I click the "link" button. I could have sworn that there used to be an option in the dialogue box that pops up.
Technical SEO | | CsmBill0 -
Canonical & rel=prev / next changes to website a good idea or not?
Hi all, I decided yesterday to make a load of changes to my website, and today i woke thinking, should i have done that! So below is an example of what i have done (i will try to explain clearly anyway), can you let me know if you think what i have done would harm or help my website in search results etc... ok, so lets take just one category - Cameras And it has the sub categories - box dome bullet it also has other sub categories (which are actually features, but the only way i can show them on my site is by having them as a sub-category with its own static page, and adding the products to these as secondary categories) vandal proof high resolution night vision previously i have it set up so that every single category / sub category / feature had its own static page, with a canonical tag to itself (i.e cameras.html canonical was to cameras.html, vandalproof.html canonical was to vandalproof.html). Any of the categories / sub cats / features that had more than one page were simply not in search results due to the canonical pointing to "Page 1"... What i have now done: Last night i decided to change all this, now for all categories / sub cats / features i have add rel=prev / next where applicable, and removed the canonical from second / third / fourth pages etc, but left the canonical on "page 1". I also removed any keywords from page 2,3,4 etc and changed descriptions to just page "X" + category name. So for example, page one looks like: and page two looks like: I also went a little further (maybe too far) and decided that the features pages would canonicalize back to cameras so for those i now have: Page 1: Page 2: Any advice is welcome on the above, in regards to which way may be better and why, and obviously if anything jumps out as a mistake... Please advise James
Technical SEO | | isntworkdull0 -
Why I am a seeing an error for duplicate content for any categories and tags on my Wordpress blog?
When I look under "Crawl Diagnostics" I see I have 12 errors for duplicate content and there are all from tags and categories. I am assuming that search engines are reading the content in the tags and categories as duplicate. Should I set my categories to "no-index?"
Technical SEO | | brytewire0 -
Translating Page Titles & Page Descriptions
I am working on a site that will be published in the original English, with localized versions in French, Spanish, Japanese and Chinese. All the versions will use the English information architecture. As part of the process, we will be translating the page the titles and page descriptions. Translation quality will be outstanding. The client is a translation company. Each version will get at least four pairs of eyes including expert translators, editors, QA experts and proofreaders. My question is what special SEO instructions should be issued to translators re: the page titles and page descriptions. (We have to presume the translators know nothing about SEO.) I was thinking of: stick to the character counts for titles and descriptions make sure the title and description work together avoid over repetition of keywords page titles (over-optimization peril) think of the descriptions as marketing copy try to repeat some title phrases in the description (to get the bolding and promote click though) That's the micro stuff. The macro stuff: We haven't done extensive keyword research for the other languages. Most of the clients are in the US. The other language versions are more a demo of translation ability than looking for clients elsewhere. Are we missing something big here?
Technical SEO | | DanielFreedman0 -
Which do you believe & why? Wordpress posts or pages?
I hear a lot of conflicting opinions regarding when to use pages over posts. If you were using wordpress mainly as a static site and less of a blog would you use pages over posts? Let's say it is a yacht review site. Would you set up most of the content (boat review pages) as pages or posts? I hear some say in that case you would want to use mostly pages and use posts for news related items. Then there are others that suggest only making the few (contact, about, privacy, terms) as pages and everything else created as posts organized into categories. Any thoughts? Also, is there a tool to find out if a website that is not yours is using a page or a post? Thanks
Technical SEO | | PEnterprises0 -
Geotargeting a folder in GWT & IP targeting
I am curently managing a .com that targets Canada and we will soon be launching a .com/us/ that will target the US. Once we launch the /us/ folder, we want to display the /us/ content to any US IP. My concern is that Google will then only index the /us/ content, as their IP is in the US. So, if I set up .com and .com/us/ as two different sites in GWT, and geotarget each to the Country it is targeting, will this take care of the problem and ensure that Google indexes the .com for Canada, and the /us/ for the US? Is there any alternative method (that does not include using the .ca domain)? I am concerned that Google would not be able to see the .com content if we are redirecting all US traffic to .com/us/. Any examples of this online anywhere?
Technical SEO | | bheard0