Malware & Wordpress
-
Google has identified Malware on on eof our Wordpress sites. In webmaster tools it names the 10 pages where code has been injected.
I cant' find them easily via the WP dashboard and wondered if anyone had had any experience of this and what steps they took?
Plus are there any measure I can take to fight against this? The site is on the latest WP version.
Thanks,
Colin
-
Thanks Majid,
Sucuri Scanner looks good. I wonder if you had any experience of it?
If it can remove the malware as well as alerting me of any future hacks it would seem money well-spent.
Colin
-
Thanks Marie (and Dan and Majid),
I am going through the plugins and widgets now. I re-installed a clean version of the Theme too but not sure if I've done that too soon if the script is still there.
I can see the page titles in Webmaster Tools but cant' find the actual pages on the server to delete, in case that helps.
I will definitely look at the security suggestions and resources suggested. Thanks for the tips.
Marie I will PM you too if I may.
Thanks guys,
Colin
-
That would be ok if you use these plugin as well :
http://wordpress.org/extend/plugins/sucuri-scanner/
-
Colin
Any luck with this yet? I'd follow Marie's good advise and first be sure everything is updated. Then try these things to find it;
- Disable each plugin one by one and see if it goes away.
- Can you see the code when you view source or use a tools like browseo.net or shut off CSS? If you can see the location of the injected code you may be able to tell where it was inserted.
- If you can't see it viewing source or with browseo etc - try doing a Google cache: search and view in text only.
- Check your widgets.
- Check your .htaccess file
Once you find it definitely check out this document on securing wordpress.
Let us know how it goes.
-Dan
-
Definitely keep your plugins updated. Plus, if you use Timthumb on any of your sites, do some research on Timthumb vulnerabilities.
Make sure you change all of your wordpress passwords after cleaning up.
And, if you get hit again, despite your cleanup, hire a professional! I had a nasty job done on one of my sites. My host thought they'd fixed it and it came back. I hired sucuri.net to fix it and after 3 weeks they were no further ahead. I hired a professional guy (pm me for the name if you want to hire him) and it took him a while but he figured it out. Not all malware issues are that complicated though.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Sitemap issue? 404's & 500's are regenerating?
I am using the WordPress SEO plugin by Yoast to generate a sitemap on http://www.atozqualityfencing.com. Last month, I had an associate create redirects for over 200 404 errors. She did this via the .htaccess file. Today, there are the same amount of 404s along with a number of 503 errors. This new Wordpress website was constructed on a subdirectory and made live by simply entering some code into the .htaccess file in order to direct browsers to the content we wanted live. In other words, the content actually resides in a subdirectory titled "newsite" but is shown live on the main url. Can you tell me why we are having these 404 & 503 errors? I have no idea where to begin looking.
Technical SEO | | JanetJ0 -
Should publish as page or blog posts on Wordpress ?
We have a technical blog website and our primary income is from blog. Recently we developed a open source free tool and but we are not sure if we need to publish it as wordpress page or as normal blog post. We don't look for an income from these tools. Later we will publish this tool in github. Also we have plan to develop many tools (small open source software) like this. So please advise we should place as Page mywebsite/tool1 mywebsite/tool2 or Normal blog posts mywebsite/toolcategory/tool1 mywebsite/toolcategory/tool2 Thanks!!!
Technical SEO | | Scaria0 -
Changing the order of items on page against Google Terms & Conditions?
Good day, I am wondering if anybody here has done something like this before. I have a page in one of my sites that contains a number of different - but related - free resources. The resources can be sorted in different ways once the user is on the page. Now I am starting an outreach campaign, and want to be able to send out custom URLS (which pretty much means they have different query strings after them like '?id=123' ) so that when a person clicks on the link to the page it brings up the stuff they are more likely to be interested in at the top. I expect - hope - that some of these people will put links back to this page as a result of this. Now all the links may be slightly different, but they will come to the same page and the content will look slightly different. I will make sure to have the rel=canonical tag in place. Does anybody know if this would be in violation of Google Terms and Conditions. I can't see how, but I wanted to see what the experts here on Moz think before moving forward. Thanks in advance.
Technical SEO | | rayvensoft0 -
Wordpress BackupBuddy adding ?doing_wp_cron= in URLS
Hi Has anyone found WordPress Backup Buddy causing a problem with SEO. I understand why it does it, but wondered if anyone experienced issues with this? Only sometimes it adds /?doing_wp_cron=****** on to the end of a URL Thanks Tom
Technical SEO | | TomPryor831 -
Will deleting Wordpress tags result in 404 errors or anything?
I want to clean up my tags and I'm worried I'm going to look in my webmasters the next day with hundreds of errors. Whats the best way of doing this?
Technical SEO | | howlusa0 -
Discontinuing a site & Redirecting Traffic to an Internal Page
We are wondering the best way to redirect the traffic from a site that will no longer exist. The Scenario:
Technical SEO | | TopFloor
Our client wants to discontinue this website http://www.animalcarepackaging.com/. We’d like to redirect the traffic from this site to an internal page on our client's other website: http://www.glenroy.com/packaging/. This internal page is the most appropriate to the content that appears on animalcarepackaging.com (as opposed to just the entire site glenroy.com). Possible Options We Are Considering:
Option 1: Keep hosting animalcarepackaging.com and add a 301 redirect for all pages to glenroy.com/packaging/. Our concern with this option is that Google/Bing will see animalcarepackaging.com as a gateway, which could hurt glenroy.com. Option 2: Keep hosting animalcarepackaging.com and add a 301 redirect so all pages are sent to glenroy.com/packaging/; AND file a change of address with Google and Bing. We believe this will allow people who have bookmarked animalcarepackaging.com to go to glenroy.com/packaging/; while people searching for animalcarepackaging.com will go to glenroy.com's home page. We would augment this by posting a message on the homepage of animalcarepackaging.com notifiying users that the site will be discontinued and info will be found at glenroy.com/packaging. Option 3: Do a change of address with Google/Bing and send all traffic to glenroy.com (rather than an internal page). Post information on the homepage of animalcarepackaging.com that the site will be discontinued on X-date, and info about animalcarepackaging.com will be able to be found at glenroy.com/packaging. Looking for feedback on our options and suggestions on how this can be handled.0 -
External Linking & Your sites Link juice
Hey guys, quick question. Does a page lose link juice when it gives link juice? If I link to an outside site, do I lose that same amount of link juice or is it just applied to there site and not removed from mine? I understand that linking to a competitor can in turn help him and hurt me (if he then is seen as more relevant than me to google) but does it have a direct relation to hurting/removing my page link juice? Hope this all makes sense. Thanks
Technical SEO | | SheffieldMarketing0 -
Subdomains & SEO
Exact match domains are great for ranking but what about domains which contain just half of the full phrase being targeted? eg. If you owned the domain rentals.co.uk but wanted to target the search term "car rentals" Regarding backlinks, would it be best to link back to your rentals.co.uk homepage (using anchor text "car rentals") or to one of the following: a) www.rentals.co.uk/car-rentals b) car.rentals.co.uk AND 301 redirect to www.rentals.co.uk c) car.rentals.co.uk AND 301 redirect to www.rentals.co.uk/car-rentals
Technical SEO | | martyc1