Malware & Wordpress
-
Google has identified Malware on on eof our Wordpress sites. In webmaster tools it names the 10 pages where code has been injected.
I cant' find them easily via the WP dashboard and wondered if anyone had had any experience of this and what steps they took?
Plus are there any measure I can take to fight against this? The site is on the latest WP version.
Thanks,
Colin
-
Thanks Majid,
Sucuri Scanner looks good. I wonder if you had any experience of it?
If it can remove the malware as well as alerting me of any future hacks it would seem money well-spent.
Colin
-
Thanks Marie (and Dan and Majid),
I am going through the plugins and widgets now. I re-installed a clean version of the Theme too but not sure if I've done that too soon if the script is still there.
I can see the page titles in Webmaster Tools but cant' find the actual pages on the server to delete, in case that helps.
I will definitely look at the security suggestions and resources suggested. Thanks for the tips.
Marie I will PM you too if I may.
Thanks guys,
Colin
-
That would be ok if you use these plugin as well :
http://wordpress.org/extend/plugins/sucuri-scanner/
-
Colin
Any luck with this yet? I'd follow Marie's good advise and first be sure everything is updated. Then try these things to find it;
- Disable each plugin one by one and see if it goes away.
- Can you see the code when you view source or use a tools like browseo.net or shut off CSS? If you can see the location of the injected code you may be able to tell where it was inserted.
- If you can't see it viewing source or with browseo etc - try doing a Google cache: search and view in text only.
- Check your widgets.
- Check your .htaccess file
Once you find it definitely check out this document on securing wordpress.
Let us know how it goes.
-Dan
-
Definitely keep your plugins updated. Plus, if you use Timthumb on any of your sites, do some research on Timthumb vulnerabilities.
Make sure you change all of your wordpress passwords after cleaning up.
And, if you get hit again, despite your cleanup, hire a professional! I had a nasty job done on one of my sites. My host thought they'd fixed it and it came back. I hired sucuri.net to fix it and after 3 weeks they were no further ahead. I hired a professional guy (pm me for the name if you want to hire him) and it took him a while but he figured it out. Not all malware issues are that complicated though.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
How important is AMP?
I have a client site with 200+ landing pages. We implemented AMP and many of the pages lost a lot of key elements including, sidebars, Calls to Action and footers. Our developer claims that we need to customize each of the 200+ pages for AMP to show those things (don't 100% believe him). So the questions are: a. How important is AMP? if we dump AMP will that hurt us? The site is already mobile friendly and clean, loads fast.
Technical SEO | | dk7
b.Does it sound fishy that he says each page needs to be cusotomized to show sidebar, footer content, CTAs?0 -
Help! added WWW to wordpress site and now lost SEO ranking
Hi there Everyone! I have recently added a www to my wordpress website by going to settings>general and adding "www" to the wordpress address and the site address. After i did that i lost my SEO ranking, and also that MOZ is detecting that im getting site crawl issues stating that i have duplicate pages. an example is below: http://www.mefco.co.nz/news http://mefco.co.nz/news any ideas on how to fix this?
Technical SEO | | jfactor0 -
Problem with Wordpress RSS feed and Feedburner
Just discovered a problem with my company site's RSS feed. I'm a bit embarrassed to ask, but I thought someone in the community might have encountered this -- and I cannot figure it out for the life of me! We had redirected our Wordpress feed to Feedburner. We publish at least once per week, but no posts after March 18 are in the feed: http://feeds.feedburner.com/TheClineGroup The standard (Wordpress) RSS feed page does not load: http://theclinegroup.com/feed/ Of course, I deactivated all plug-ins to see if one of them was the issue, but the problem(s) still existed. Thanks so much for any assistance!
Technical SEO | | SamuelScott0 -
Keyword Suggestions Tool & Different Subdomains
Hey all, Was reading Dan Shure's brilliant post on the Keyword Planner, and decided to plug a few of my own pages into the URL-suggester tool as well. What I got back was nothing short of strange. After plugging in our Features page, (which describes our Social Media Contesting Platform,) and getting back a bunch of suggestions related to Dr Seuss and Interior Design Scholarships, I realized that the Keyword Suggestion tool was being broken by our subdomains. I looked for precedent on my particular issue, but I think I might not be searching properly. Could anyone provide any insight into whether or not this might affect how spiders see the content on Strutta.com, whether or not this is just something that will affect the Keyword Suggestions Tool or actual SERP rankings, and if this content is already present elsewhere on MOZ, a link to said content? Much obliged 🙂
Technical SEO | | danny.wood0 -
Discontinuing a site & Redirecting Traffic to an Internal Page
We are wondering the best way to redirect the traffic from a site that will no longer exist. The Scenario:
Technical SEO | | TopFloor
Our client wants to discontinue this website http://www.animalcarepackaging.com/. We’d like to redirect the traffic from this site to an internal page on our client's other website: http://www.glenroy.com/packaging/. This internal page is the most appropriate to the content that appears on animalcarepackaging.com (as opposed to just the entire site glenroy.com). Possible Options We Are Considering:
Option 1: Keep hosting animalcarepackaging.com and add a 301 redirect for all pages to glenroy.com/packaging/. Our concern with this option is that Google/Bing will see animalcarepackaging.com as a gateway, which could hurt glenroy.com. Option 2: Keep hosting animalcarepackaging.com and add a 301 redirect so all pages are sent to glenroy.com/packaging/; AND file a change of address with Google and Bing. We believe this will allow people who have bookmarked animalcarepackaging.com to go to glenroy.com/packaging/; while people searching for animalcarepackaging.com will go to glenroy.com's home page. We would augment this by posting a message on the homepage of animalcarepackaging.com notifiying users that the site will be discontinued and info will be found at glenroy.com/packaging. Option 3: Do a change of address with Google/Bing and send all traffic to glenroy.com (rather than an internal page). Post information on the homepage of animalcarepackaging.com that the site will be discontinued on X-date, and info about animalcarepackaging.com will be able to be found at glenroy.com/packaging. Looking for feedback on our options and suggestions on how this can be handled.0 -
Authorship and Publisher on WordPress
I successfully enabled rel=publisher on our WordPress blog, and as a test I also enabled rel=authorship for a set of blog posts. (Tested both in Google's Rich Snippets Tester.) However, on the individual blog posts the publisher credit disappears. Is there a way to enable both to appear on blog posts?
Technical SEO | | ufmedia0 -
Microsite & Ducplicate Content Concern
I have a client that wants to put up a micro-site. It's not really even a niche micro-site, it's his whole site less a category and a few other pages. He is a plastic surgeon that offers cosmetic surgery services for the Face, Breast, and Body at his private practice in City A. He has partnered with another surgeon in City B who's surgical services are limited to only the Face. City B is nearby, but not so close that they consider themselves competitors for Facial surgery. The doctors agreement is that my client will perform only Breast and Body surgery at the City B location. He can market himself in City B (which he currently is not doing on his main site) but only for Breast and Body procedures and is not to compete for Facial surgery. Therefore, he needs this second site to not include content about Facial surgery. My concern is duplicate content. His request plan: the micro-site will be on different domain and C-block, the content, location keywords and meta data will be completely re-written and target City B. However, he wants to use the same theme of his main site - same source code, html/css, same top level navigation, same sub-navigation less the Face section, same images/graphics, same forms, etc. Is it okay to have the same exact site build on a different domain with rewritten copy (less a few pages) to target the same base keywords with only a different location? The site is intended for a different user group in City B, but I'm concerned the search engines won't like this and trigger the filters. I've read a bunch of duplicate content articles including this post panda by Dr. Pete. Great post, but doesn't really answer this particular issue of duplicating code for a related site. Can anyone make a case for or against this? Thanks in advance!
Technical SEO | | cmosnod0 -
How to write 301 redirects in WordPress
I've successfully migrated new site to new domain (www.cmsearchmarketing.com) But I cannot get 301 redirects for pages and blog posts to redirect from the old domain (www.creativemindsearchmarketing.com). And it's my understanding I need to do a 301 for each page to maintain SEO. Here's what I've tried: RewriteCond %{QUERY_STRING} ^p=975$RewriteRule ^index.php$ http://www.cmsearchmarketing.com/top-5-questions-to-ask-an-seo-firm-before-signing-up/? [R=301,L] BEGIN WordPress<ifmodule mod_rewrite.c="">RewriteEngine OnRewriteBase /RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /index.php [L]</ifmodule># END WordPress #AND ALSO# Use PHP5 Single php.ini as defaultAddHandler application/x-httpd-php5s .php BEGIN WordPress<ifmodule mod_rewrite.c="">RewriteEngine OnRewriteBase /RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /index.php [L]</ifmodule># END WordPress redirect 301 /top-5-questions-to-ask-an-seo-firm-before-signing-up http://www.cmsearchmarketing.com/top-5-questions-to-ask-an-seo-firm-before-signing-up/ Any suggestions would be appreciated. _Cindy P.S. Maybe some other issues are in the way: --Old site is WP-Remix theme no longer supported, and latest WP version is 2.9.1 -- Old domain (www.creativemindsearchmarketing.com) is the primary account on BlueHost …and the new domain (www.cmsearchmarketing.com) is an addon, so the new domain's directory is within root of old domain. -- in root domain of old site there are other "handler files" that also have base file rewrites, if this is an issue: name of this file in root directory is:
Technical SEO | | CeCeBar
.htaccess.addHandlerBak -FrontPage- <limit get="" post="">order deny,allowdeny from allallow from all</limit><limit put="" delete="">order deny,allowdeny from all</limit>AuthUserFile /home/creatjo7/public_html/_vti_pvt/service.pwdAuthGroupFile /home/creatjo7/public_html/_vti_pvt/service.grp# BEGIN WordPress<ifmodule mod_rewrite.c="">RewriteEngine OnRewriteBase /RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /index.php [L]</ifmodule> END WordPressAuthName creativemindsearchmarketing.comIndexIgnore .htaccess /.?? *~ *# /HEADER /README /_vti0