Malware & Wordpress
-
Google has identified Malware on on eof our Wordpress sites. In webmaster tools it names the 10 pages where code has been injected.
I cant' find them easily via the WP dashboard and wondered if anyone had had any experience of this and what steps they took?
Plus are there any measure I can take to fight against this? The site is on the latest WP version.
Thanks,
Colin
-
Thanks Majid,
Sucuri Scanner looks good. I wonder if you had any experience of it?
If it can remove the malware as well as alerting me of any future hacks it would seem money well-spent.
Colin
-
Thanks Marie (and Dan and Majid),
I am going through the plugins and widgets now. I re-installed a clean version of the Theme too but not sure if I've done that too soon if the script is still there.
I can see the page titles in Webmaster Tools but cant' find the actual pages on the server to delete, in case that helps.
I will definitely look at the security suggestions and resources suggested. Thanks for the tips.
Marie I will PM you too if I may.
Thanks guys,
Colin
-
That would be ok if you use these plugin as well :
http://wordpress.org/extend/plugins/sucuri-scanner/
-
Colin
Any luck with this yet? I'd follow Marie's good advise and first be sure everything is updated. Then try these things to find it;
- Disable each plugin one by one and see if it goes away.
- Can you see the code when you view source or use a tools like browseo.net or shut off CSS? If you can see the location of the injected code you may be able to tell where it was inserted.
- If you can't see it viewing source or with browseo etc - try doing a Google cache: search and view in text only.
- Check your widgets.
- Check your .htaccess file
Once you find it definitely check out this document on securing wordpress.
Let us know how it goes.
-Dan
-
Definitely keep your plugins updated. Plus, if you use Timthumb on any of your sites, do some research on Timthumb vulnerabilities.
Make sure you change all of your wordpress passwords after cleaning up.
And, if you get hit again, despite your cleanup, hire a professional! I had a nasty job done on one of my sites. My host thought they'd fixed it and it came back. I hired sucuri.net to fix it and after 3 weeks they were no further ahead. I hired a professional guy (pm me for the name if you want to hire him) and it took him a while but he figured it out. Not all malware issues are that complicated though.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Google Not Indexing Pages (Wordpress)
Hello, recently I started noticing that google is not indexing our new pages or our new blog posts. We are simply getting a "Discovered - Currently Not Indexed" message on all new pages. When I click "Request Indexing" is takes a few days, but eventually it does get indexed and is on Google. This is very strange, as our website has been around since the late 90's and the quality of the new content is neither duplicate nor "low quality". We started noticing this happening around February. We also do not have many pages - maybe 500 maximum? I have looked at all the obvious answers (allowing for indexing, etc.), but just can't seem to pinpoint a reason why. Has anyone had this happen recently? It is getting very annoying having to manually go in and request indexing for every page and makes me think there may be some underlying issues with the website that should be fixed.
Technical SEO | | Hasanovic1 -
Wordpress 4xx errors from comment re-direct
About a month ago, we had a massive jump in 4XX errors. It seems the majority are being caused by the comment tool on wordpress, which is generating a link that looks like this "http://www.turnerpr.com/blog/wp-login.php?redirect_to=http%3A%2F%2Fwww.turnerpr.com%2Fblog%2F2013%2F09%2Fturners-crew-royal-treatment-well-sort-of%2Fphoto-2-2%2F" On every single post. We're using Akismet and haven't had issues in the past....and I can't figure out the fix. I've tried turning it off and back on; I'm reluctant to completely switch commenting systems because we'd lose so much history. Anyone seen this particular re-direct love happen before? Angela
Technical SEO | | TurnerPR0 -
Wordpress: Tags generate duplicate Content - just delete the tags!?
Asking people, they say tags are bad and spamy and as I can see they generate all my duplicate page content issues. So the big question is, why Google very often prefers to show in SERPS these Tag-URLS... so it can't be too bad! :)))? Then after some research I found the "Term Optimizer" on Yoast.com ... that should help exactly with this problem but it seems not to be available anymore? So may be there another plugin that can help... or just delete all tags from my blog? and install permanent redirects?
Technical SEO | | inlinear
Is this the solution?0 -
Geo Domains & SEO Issues
Hi Is there issues to duplicate content on geo specific domains. For example we have a client with a .co.uk site who wants to create a .ie website for the local market, rather than sending them to the UK site. The content would be duplicated with limited customization. What issues would you for-see and how could they be overcome? Thank you
Technical SEO | | RadicalMedia0 -
Wordpress Blog Blocked by Metarobots
Upon receiving my first crawl report from new pro SEOMoz acc (yaay!) I've found that the wordpress blog plugged into my site hasn't been getting crawled due to being blocked by metarobots. I'm not a developer and have very little tech expertise, but a search dug up that the issue stemmed from the wordpress site settings > privacy > Ask search engines not to index this site option being selected. On checking the blog "Allow search engines to index this site" was selected so I'm unsure what else to check. My level of expertise means I'm not confident going into the back end of the site and I don't have a tech guy on site to speak to. Has anyone else had this problem? Is it common and will I need to consult a developer to get this fixed? Many thanks in advance for your help!
Technical SEO | | paj19790 -
Magento Robots & overly dynamic URL-s
How can i block all URL-s on a Magento store that have 2 or more dynamic parameters in it, since all the parameters have attribute name in it and not some uniform ID Would something like: Disallow: /?&* work? Since the only thing that is constant throughout all the custom parameters is that they are separated with "&" Thanks 🙂
Technical SEO | | tilenkrivec0 -
Generating a Sitemap for websites linked to a wordpress blog
Greetings, I'm looking for a way to generate a sitemap that will include static pages on my home directory, as well as my wordpress blog. The site that I'm trying to build this for is in a temporary folder, and can be accessed at http://www.lifewaves.com/Website 3.0 I plan on moving the contents of this folder to the root directory for lifewaves.com whenever we are go for launch. What I'm wondering is, is there a way to build a sitemap or sitemap index that will point to the static pages of my site, as well as the wordpress blog while taking advantage of the built in wordpress hierarchy? If so, what's an easy way to do this. I have generated a sitemap using Yoast, but I can't seem to find any xml files within the wordpress folder. Within the plugin is a button that I can click to access the sitemap index, but it just brings me to the homepage of my blog. Can I build a sitemap index that points to a sitemap for the static pages as well as the sitemap generated by yoast? Thank you in advance for your help!! P.S. I'm kind of a noob.
Technical SEO | | WaveMaker0 -
Toolbar sais 33 PA & DA, does Google have the same values?
Hey Mozzers, I've moved a domain 301 redirect to a new site... after around 2-3 weeks the seomoz toolbar sais i have PA & DA 33... which were both 1 as being a new domain. Does Google credit the same kind of value to the new website if seomoz found the PA & DA being "33"?
Technical SEO | | mosaicpro0