Malware & Wordpress
-
Google has identified Malware on on eof our Wordpress sites. In webmaster tools it names the 10 pages where code has been injected.
I cant' find them easily via the WP dashboard and wondered if anyone had had any experience of this and what steps they took?
Plus are there any measure I can take to fight against this? The site is on the latest WP version.
Thanks,
Colin
-
Thanks Majid,
Sucuri Scanner looks good. I wonder if you had any experience of it?
If it can remove the malware as well as alerting me of any future hacks it would seem money well-spent.
Colin
-
Thanks Marie (and Dan and Majid),
I am going through the plugins and widgets now. I re-installed a clean version of the Theme too but not sure if I've done that too soon if the script is still there.
I can see the page titles in Webmaster Tools but cant' find the actual pages on the server to delete, in case that helps.
I will definitely look at the security suggestions and resources suggested. Thanks for the tips.
Marie I will PM you too if I may.
Thanks guys,
Colin
-
That would be ok if you use these plugin as well :
http://wordpress.org/extend/plugins/sucuri-scanner/
-
Colin
Any luck with this yet? I'd follow Marie's good advise and first be sure everything is updated. Then try these things to find it;
- Disable each plugin one by one and see if it goes away.
- Can you see the code when you view source or use a tools like browseo.net or shut off CSS? If you can see the location of the injected code you may be able to tell where it was inserted.
- If you can't see it viewing source or with browseo etc - try doing a Google cache: search and view in text only.
- Check your widgets.
- Check your .htaccess file
Once you find it definitely check out this document on securing wordpress.
Let us know how it goes.
-Dan
-
Definitely keep your plugins updated. Plus, if you use Timthumb on any of your sites, do some research on Timthumb vulnerabilities.
Make sure you change all of your wordpress passwords after cleaning up.
And, if you get hit again, despite your cleanup, hire a professional! I had a nasty job done on one of my sites. My host thought they'd fixed it and it came back. I hired sucuri.net to fix it and after 3 weeks they were no further ahead. I hired a professional guy (pm me for the name if you want to hire him) and it took him a while but he figured it out. Not all malware issues are that complicated though.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Blogger to Wordpress 301 and Meta Refresher Redirect
Hi Everyone! So my client has a blogger that she has developed a good amount of link equity for. It is a hersite.blogspot.com (she doesn't own her own domain yet). She is moving to the Wordpress platform though and the only way we can do a redirect is through a meta refresh redirect (since she doesn't have access to the servers on blogger). I went to Google Webmasters to do a change of address and found that the 301 checker said it couldn't find any 301 redirect, which is disappointing. What we're planning is telling all the places that link to the blog to change their links to the new blog but other than that what does anyone recommend to keep this link strength? Thanks!
Technical SEO | | mattdinbrooklyn0 -
Duplicate Titles on Wordpress blog pages
Hi, I have an issue where I am getting for duplicate page titles for pages that shouldn't exist. The issue is on the blog index page's (from 0 - 16) and involves the same set of attachment_id for each page, i.e. /blog/page/10/?attachment_id=minack /blog/page/10/?attachment_id=ponyrides /blog/page/11/?attachment_id=minack /blog/page/11/?attachment_id=ponyrides There are 6 attachment_id values (and they are not ID values either) which repeat for every page on the index now what I can't work out is where those 6 links are coming from as on the actual blog index page http://www.bosinver.co.uk/blog/page/10/ there are no links to it and the links just go to blog index page and it ignores the attachment_id value. There is no sitemap.xml file either which I thought might have contained the links. Thanks
Technical SEO | | leapSEO0 -
Can anyone recommend a wordpress forum for commercial theme help
Hi, i am trying to find a forum for wordpress when you have bought a commercial theme. I am looking at learning how to change a site for a better user experience and for better seo but there does not seem to be any wordpress forums that i can find for when people have bought a commercial theme any help in finding one would be great
Technical SEO | | ClaireH-1848860 -
Round 3 & still no indexing for varicose veins :-(
Greetings from 11 degrees C partly suuny Wetherby 🙂 Every so oftem you hit an SEO mission that just consistently hits a brick wall. For the third time i'm investigating why this page:
Technical SEO | | Nightwing
http://www.collegeofphlebology.com/varicose-veins/what-are-they/ fails to even reach the bottom of page 3. Ive gone back to basic and ran an SEO audit of sorts in an attempt to see if I'd missed anything. Here is the audit: http://i216.photobucket.com/albums/cc53/zymurgy_bucket/audit-for-moz.jpg So my question is please: From a technical SEO perspective is there anything wrong with this page http://www.collegeofphlebology.com/varicose-veins/what-are-they/ to explain why it does not rank for target term "Varicose Veins" Thanks in advance,
David0 -
Duplicate content + wordpress tags
According to SEOMoz platform, one of my wordpress websites deals with duplicate content because of the tags I use. How should I fix it? Is it loyal to remove tag links from the post pages?
Technical SEO | | giankar0 -
How do you incorporate a Wordpress blog onto an ecommerce website?
Hello there, We have a company website: http://www.parklanechampagne.co.uk/ and a Wordpress blog: http://www.alastairharrison.me/ and I would like the blog on the subfolder http://www.parklanechampagne.co.uk/blog so that we get maximum SEO benefit from updating this regularly (I understand this would be better than putting it on a subdomain blog.parklanechampagne.co.uk?). The Wordpress blog is hosted externally but I was after some advice on how we can move this blog to the parklanechampagne/blog subfolder? Any help gratefully received - I've asked several SEO and web agencies this question and had a lot of contrasting replies! Many thanks, Jon
Technical SEO | | jonmorse860 -
301 redirect on wordpress.com
Hi, How/where do I input a 301 redirect for my http site within wordpress.com. I am already redirecting my wordpress url to myy new non wordpress domain Thanks Lisa
Technical SEO | | lisamarieCunn0 -
Wordpress SEO Errors - Any advice?
Hi all! My site is on the WP platform and I'm having a crawl error. Wondering if you guys could possibly help me figure out what's going on? I have a good number of 404 errors where the links seems to be appended and I can't figure out why. I've scoured my individual posts and cannot seem to find the broken link? The crawl error looks a bit like this: http://preciousthingsphotography.com/2007/12/10/chicago-family-photographer-welcome/http:%2F%2Fpreciousthingsphotography.com%2F2007%2F12%2F10%2Fchicago-family-photographer-welcome%2F You can see that my original link is somehow being doubled with the slashes being replaced? This is happening on all of my posts. Any ideas as to what could be going on? Thanks so much!
Technical SEO | | ptpgen0