Malware & Wordpress
-
Google has identified Malware on on eof our Wordpress sites. In webmaster tools it names the 10 pages where code has been injected.
I cant' find them easily via the WP dashboard and wondered if anyone had had any experience of this and what steps they took?
Plus are there any measure I can take to fight against this? The site is on the latest WP version.
Thanks,
Colin
-
Thanks Majid,
Sucuri Scanner looks good. I wonder if you had any experience of it?
If it can remove the malware as well as alerting me of any future hacks it would seem money well-spent.
Colin
-
Thanks Marie (and Dan and Majid),
I am going through the plugins and widgets now. I re-installed a clean version of the Theme too but not sure if I've done that too soon if the script is still there.
I can see the page titles in Webmaster Tools but cant' find the actual pages on the server to delete, in case that helps.
I will definitely look at the security suggestions and resources suggested. Thanks for the tips.
Marie I will PM you too if I may.
Thanks guys,
Colin
-
That would be ok if you use these plugin as well :
http://wordpress.org/extend/plugins/sucuri-scanner/
-
Colin
Any luck with this yet? I'd follow Marie's good advise and first be sure everything is updated. Then try these things to find it;
- Disable each plugin one by one and see if it goes away.
- Can you see the code when you view source or use a tools like browseo.net or shut off CSS? If you can see the location of the injected code you may be able to tell where it was inserted.
- If you can't see it viewing source or with browseo etc - try doing a Google cache: search and view in text only.
- Check your widgets.
- Check your .htaccess file
Once you find it definitely check out this document on securing wordpress.
Let us know how it goes.
-Dan
-
Definitely keep your plugins updated. Plus, if you use Timthumb on any of your sites, do some research on Timthumb vulnerabilities.
Make sure you change all of your wordpress passwords after cleaning up.
And, if you get hit again, despite your cleanup, hire a professional! I had a nasty job done on one of my sites. My host thought they'd fixed it and it came back. I hired sucuri.net to fix it and after 3 weeks they were no further ahead. I hired a professional guy (pm me for the name if you want to hire him) and it took him a while but he figured it out. Not all malware issues are that complicated though.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Swapping Homepages in WordPress
Hi, Th situation is: I've cloned my homepage & added new content to the cloned page I've then updated the WordPress settings to make the cloned page the new homepage Will I lose PA as the new cloned page is in effect a new article?
Technical SEO | | jasongmcmahon0 -
How important is AMP?
I have a client site with 200+ landing pages. We implemented AMP and many of the pages lost a lot of key elements including, sidebars, Calls to Action and footers. Our developer claims that we need to customize each of the 200+ pages for AMP to show those things (don't 100% believe him). So the questions are: a. How important is AMP? if we dump AMP will that hurt us? The site is already mobile friendly and clean, loads fast.
Technical SEO | | dk7
b.Does it sound fishy that he says each page needs to be cusotomized to show sidebar, footer content, CTAs?0 -
HTTPS Migration & Preserving Link Equity
Hey All — I’m working with a site that is migrating to HTTPS and had a couple questions. I read Moz’s ‘SEO Tips & Tricks for HTTPS’ post but want some clarification on a couple items. Aside from using https canonicals... 1. What is the best way to preserve link equity from inbound links? Site wide 301 Redirect in .htacess? 2. What is the best way to redirect internal links from http to https? The site uses absolute internal links. THX!
Technical SEO | | JJLWeber0 -
Image & Video Sitemaps - Submitted vs. Indexed
Hi Mozzers, I have read all the relevant blogs from media indexing experts like Phil Nottingham and have followed Google's best practice as well as advice from similar discussions on here. We have submitted video and image sitemaps to WT, and the image sitemap has 33 indexed from 720 submitted images, and the video 170 indexed from 738 submitted. With the image sitemap the number (33) has remained steady while the submitted has grown by over 100 in the last month. The video has shown signs of indexing new videos however but still not the amount that were submitted. Thus far, I have followed the guidelines sitemap structure as per Google. We are using Cloudfront so I have added and verified our cloudfront server in the same WT account. If anyone has any advice, it would be most appreciated. There is no duplicate content and the robots.txt is not blocking anything within the sitemap. Image sitemap: view-source:http://www.clowdy.com/sitemap.images.xml
Technical SEO | | Morrreau0 -
Internal Wordpress blog ranked and not the main page
hello www.mysite.com/blog is ranked higher than www,mysite.com. i am trying to find the reason for the blog to rank higher which is not my goal. the blog reached the second page and the main domain is no where to be found. is there anything on Wordpress setup that may cause this? thanks
Technical SEO | | ciznerguy0 -
Preview not available in SERPS & Google Webmaster
Hi, I have a question regarding Google - for a site I am working on I cannot see Instant Preview, in my SERPS and also in Google Webmaster there is no blocked robot txt file and I can't figure out why I have screenshots for all my other sites? If anyone can help much obliged. L This is the site http://apexgenerators.co.uk/
Technical SEO | | lauratagdigital0 -
301 redirects & merging two sites into one
We have a client that has two sites that rank well for different searches in their market. The main pages ranking are things like advice articles and news pieces. For various reasons, they just want one site. I believe they need to duplicate the content from the outgoing site and place it on the main site, with a 301 redirect from each old page to each new one. What happens when they eventually want to redirect the entire domain? Would these smaller, internal redirects become obsolete, therefore removing any link value they once had? I am not sure how this works or if there is a best practice way to do this. Thanks Gareth
Technical SEO | | Gmorgan0 -
Adding 'NoIndex Meta' to Prestashop Module & Search pages.
Hi Looking for a fix for the PrestaShop platform Look for the definitive answer on how to best stop the indexing of PrestaShop modules such as "send to a friend", "Best Sellers" and site search pages. We want to be able to add a meta noindex ()to pages ending in: /search?tag=ball&p=15 or /modules/sendtoafriend/sendtoafriend-form.php We already have in the robot text: Disallow: /search.php
Technical SEO | | reallyitsme
Disallow: /modules/ (Google seems to ignore these) But as a further tool we would like to incude the noindex to all these pages too to stop duplicated pages. I assume this needs to be in either the head.tpl or the .php file of each PrestaShop module.? Or is there a general site wide code fix to put in the metadata to apply' Noindex Meta' to certain files. Current meta code here: Please reply with where to add code and what the code should be. Thanks in advance.0