Malware & Wordpress
-
Google has identified Malware on on eof our Wordpress sites. In webmaster tools it names the 10 pages where code has been injected.
I cant' find them easily via the WP dashboard and wondered if anyone had had any experience of this and what steps they took?
Plus are there any measure I can take to fight against this? The site is on the latest WP version.
Thanks,
Colin
-
Thanks Majid,
Sucuri Scanner looks good. I wonder if you had any experience of it?
If it can remove the malware as well as alerting me of any future hacks it would seem money well-spent.
Colin
-
Thanks Marie (and Dan and Majid),
I am going through the plugins and widgets now. I re-installed a clean version of the Theme too but not sure if I've done that too soon if the script is still there.
I can see the page titles in Webmaster Tools but cant' find the actual pages on the server to delete, in case that helps.
I will definitely look at the security suggestions and resources suggested. Thanks for the tips.
Marie I will PM you too if I may.
Thanks guys,
Colin
-
That would be ok if you use these plugin as well :
http://wordpress.org/extend/plugins/sucuri-scanner/
-
Colin
Any luck with this yet? I'd follow Marie's good advise and first be sure everything is updated. Then try these things to find it;
- Disable each plugin one by one and see if it goes away.
- Can you see the code when you view source or use a tools like browseo.net or shut off CSS? If you can see the location of the injected code you may be able to tell where it was inserted.
- If you can't see it viewing source or with browseo etc - try doing a Google cache: search and view in text only.
- Check your widgets.
- Check your .htaccess file
Once you find it definitely check out this document on securing wordpress.
Let us know how it goes.
-Dan
-
Definitely keep your plugins updated. Plus, if you use Timthumb on any of your sites, do some research on Timthumb vulnerabilities.
Make sure you change all of your wordpress passwords after cleaning up.
And, if you get hit again, despite your cleanup, hire a professional! I had a nasty job done on one of my sites. My host thought they'd fixed it and it came back. I hired sucuri.net to fix it and after 3 weeks they were no further ahead. I hired a professional guy (pm me for the name if you want to hire him) and it took him a while but he figured it out. Not all malware issues are that complicated though.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
How can i safely eliminate wordpress unused tags?
Hi Over several years I used many tags ( more then 1000 ) on my wordpress website 😞 but most of them haven't any view and haven't any clicks on google search . now I want delete this old - useless - unused tags but I'm worried about seo problem like many 404 pages and problems like this . Does anyone have safe way to delete these wordpress tags? how can i safely remove them?
Technical SEO | | markdoel0 -
What's the best way for users to upload their images to my wordpress site to promote UGC
I have looked at lots of different plugins and wanted a recommendation for an easy way for patients of ours to upload pictures of them out partying and having fun and looking beautiful so future users can see the final results instead of sometimes gory or difficult to understand before and after images. I'd like to give them the opportunity to write captions (like facebook or insta posts and would offer them incentives to do so. I don't want it to be too complicated for them or have too many steps or barriers but I do want it to look nice and slick and modern. Also do you think this would have a positive impact on SEO? I was also thinking of a Q&A app where dentists could get Q&A emails and respond - i've been doing AMA sessions and they've been really successful and I would like to bring it into out site and make it native. Thanks in advance 🙂
Technical SEO | | Smileworks_Liverpool1 -
How to fix Google index after fixing site infected with malware.
Hi All Upgraded a Joomla site for a customer a couple of months ago that was infected with malware (it wasn't flagged as infected by google). Site is fine now but still noticing search queries for "cheap adobe" etc with links to http://domain.com/index.php?vc=201&Cheap_Adobe_Acrobat_xi in web master tools (about 50 in total). These url's redirect back to home page and seem to be remaining in the index (I think Joomla is doing this automatically) Firstly, what sort of effect would these be having on on their rankings? Would they be seen by google as duplicate content for the homepage (moz doesn't report them as such as there are no internal links). Secondly what's my best plan of attack to fix them. Should I setup 404's for them and then submit them to google? Will resubmitting the site to the index fix things? Would appreciate any advice or suggestions on the ramifications of this and how I should fix it. Regards, Ian
Technical SEO | | iragless0 -
Headers & Footers Count As Duplicate Content
I've read a lot of information about duplicate content across web pages and was interested in finding out about how that affected the header and footer of a website. A lot of my pages have a good amount of content, but there are some shorter articles on my website. Since my website has a header, footer, and sidebar that are static, could that hurt my ranking? My only concern is that sometimes there's more content in the header/footer/sidebar than the article itself since I have an extensive amount of navigation. Is there a way to define to Google what the header and footer is so that they don't consider it to be duplicate content?
Technical SEO | | CyberAlien0 -
Wordpress Categories and Over-Optimization Question
I would like to switch my sidebar from listing Category Name with posts listed below each- to a concise custom menu. This custom menu would list the top three products I am promoting first, and then go on to list the categories on my site. Currently it looks like this (but with 6 categories, with between 7-10 items in each - this is on EVERY page) Widgets
Technical SEO | | PrivatePartners
-Green Widget
-Blue Widget Gidwets
-Big Gidwet
-Small Gidwet I rank well in google right now, but I am concerned that changing my sidebar will result in a penalty. Maybe for over-optimizing my top three products I promote, or possibly for trying to control the flow of link juice. Can anyone chime in here who has adjusted their site structure within wordpress, and tell me what you found worked best? ** Before anyone asks**, this structure does work much better for the user. My sidebar now is massive, and is confusing even to me.0 -
Site migration from Drupal to WordPress - Question about Drupal Back end
This is really a developer/Webmaster issue. The closest category available to select was "Technical SEO" - but technically, this isn't a question about SEO, per se. I am doing free SEO work for a local arts organization as my way of giving them a charitable contribution. Despite my advice to stay on Drupal and improve the site on its current platform, they want something easier to manage for volunteers. This is perfectly understandable, although not my recommendation. Of course, not knowing anything about SEO, their first impulse was to simply shut down the old site, cancel all of their old pages, point the domain to their new WordPress site and completely start over. Thank goodness I yelled "Halt!" before they went this far 🙂 They really have no idea what they are doing and I want to help guide them through this process in a way that preserves as much as possible their inbound links (they have tons of .edu and .gov links because they are a local community arts organization). Of course they don't understand how valuable these are, so I have a lot of educating to do. I am trying to get them a quote from a professional developer to help migrate from Drupal to WordPress. The only login information anyone has been able to send me is login to their FTP. No one seems to have a login for the Drupal CMS back end, and when I asked for it they looked like deer caught in headlights Can someone tell me, or even send me a screenshot of what the admin login page looks like for a Drupal site, so I can explain better to this client what I am looking for? I have no experience with Drupal, but surely, there is a backend where the site pages and content can be updated.? There must also be a database of customers/registrants, etc. not to mention a place where all the meta tags, etc can be entered and stored? Last but not least, if no one is able to find their site's Drupal login info, is there any way under the sun for me to retrieve it for them? I have a Developer in mind whose got loads of experience migrating from Drupal to WP, but he needs a .sql export file with the contents of the curent databse in order to give us a quote. Does anyone have any advice? (Other than "This should teach you not to offer your services up to charity!" LOL)
Technical SEO | | danatanseo0 -
Does having mulitste wordpress with same templaes hurt you?
Ok seo guys, don't get crazy here I am not trying to build a link wheel or anything black hat that's why I am asking. I want to create several sites that are within my niche but cannot be on the same site because it just wouldn't make sense. So for the purpose of branding a company can we have multi sites with similar templates or does google not want this. I am not trying to rank these for the sole purpose of back linking but I want them all on a mulit site so they can have the same buddy press network. Let me know what you guys think.
Technical SEO | | JasonRae1 -
Switching Hosting & SEO
Hello friends, We are facing the prospect of switching to a new hosting account or company. We are currently using a third-party reseller account but are outgrowing that account. We are considering VPS and dedicated servers. However, this will mean updates for IPs and nameservers. Does anyone have experience with SEO consequences of making switch? Best practices? Tips? Obstacles? Any and all comments/advice welcome. We're trying to balance the potential SEO ramifications of making the switch with the consequences of reduced site speed.
Technical SEO | | Gyi0