Malware & Wordpress
-
Google has identified Malware on on eof our Wordpress sites. In webmaster tools it names the 10 pages where code has been injected.
I cant' find them easily via the WP dashboard and wondered if anyone had had any experience of this and what steps they took?
Plus are there any measure I can take to fight against this? The site is on the latest WP version.
Thanks,
Colin
-
Thanks Majid,
Sucuri Scanner looks good. I wonder if you had any experience of it?
If it can remove the malware as well as alerting me of any future hacks it would seem money well-spent.
Colin
-
Thanks Marie (and Dan and Majid),
I am going through the plugins and widgets now. I re-installed a clean version of the Theme too but not sure if I've done that too soon if the script is still there.
I can see the page titles in Webmaster Tools but cant' find the actual pages on the server to delete, in case that helps.
I will definitely look at the security suggestions and resources suggested. Thanks for the tips.
Marie I will PM you too if I may.
Thanks guys,
Colin
-
That would be ok if you use these plugin as well :
http://wordpress.org/extend/plugins/sucuri-scanner/
-
Colin
Any luck with this yet? I'd follow Marie's good advise and first be sure everything is updated. Then try these things to find it;
- Disable each plugin one by one and see if it goes away.
- Can you see the code when you view source or use a tools like browseo.net or shut off CSS? If you can see the location of the injected code you may be able to tell where it was inserted.
- If you can't see it viewing source or with browseo etc - try doing a Google cache: search and view in text only.
- Check your widgets.
- Check your .htaccess file
Once you find it definitely check out this document on securing wordpress.
Let us know how it goes.
-Dan
-
Definitely keep your plugins updated. Plus, if you use Timthumb on any of your sites, do some research on Timthumb vulnerabilities.
Make sure you change all of your wordpress passwords after cleaning up.
And, if you get hit again, despite your cleanup, hire a professional! I had a nasty job done on one of my sites. My host thought they'd fixed it and it came back. I hired sucuri.net to fix it and after 3 weeks they were no further ahead. I hired a professional guy (pm me for the name if you want to hire him) and it took him a while but he figured it out. Not all malware issues are that complicated though.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Install Wordpress on different folders on the same URL
Howdy Mozers! It's a long story, but I have Wordpress installed on my root domain "example.com" and in "example.com/folder" as well. Will this affect my SEO? Should I delete WP from my folder, and build my pages from a folder on the root domain, like "example.com/folder1"? Hope I've managed to properly explain myself 🙂 Thanks!
Technical SEO | | Fernando_0 -
Headers & Footers Count As Duplicate Content
I've read a lot of information about duplicate content across web pages and was interested in finding out about how that affected the header and footer of a website. A lot of my pages have a good amount of content, but there are some shorter articles on my website. Since my website has a header, footer, and sidebar that are static, could that hurt my ranking? My only concern is that sometimes there's more content in the header/footer/sidebar than the article itself since I have an extensive amount of navigation. Is there a way to define to Google what the header and footer is so that they don't consider it to be duplicate content?
Technical SEO | | CyberAlien0 -
Author schema and Wordpress Author Page
Hi everyone, Has anyone tried using the author schema on their Wordpress author page or on their G+ profile or on their Moz profile? Would it be a good idea to always use it where you publish? I publish on several blogs Thanks Carla example: Use it here - http://www.posicionamientowebenbuscadores.com/blog/author/carla/ http://moz.com/community/users/392216 It seems like I would be over doing it.
Technical SEO | | Carla_Dawson0 -
Duplicate Post Titles in WordPress with
Hi, First off, this is a WordPress specific question. we migrated a site into WordPress, with hundreds of long articles that are split into 3 or 4 pages each. Each of these articles was entered as an individual post, split into different pages using the tag. We're using the yoast seo plugin. The problem then is that each of the pages gets the same title and meta description. Has anyone a good solution to differentiate the pages? Thanks,
Technical SEO | | Andybod1 -
301 redirects & merging two sites into one
We have a client that has two sites that rank well for different searches in their market. The main pages ranking are things like advice articles and news pieces. For various reasons, they just want one site. I believe they need to duplicate the content from the outgoing site and place it on the main site, with a 301 redirect from each old page to each new one. What happens when they eventually want to redirect the entire domain? Would these smaller, internal redirects become obsolete, therefore removing any link value they once had? I am not sure how this works or if there is a best practice way to do this. Thanks Gareth
Technical SEO | | Gmorgan0 -
Where does Wordpress store the 301 redirects?
Hi, I've just created a campaign for my new wordpress blog and found 11 301 redirects which I was not aware of. It looks like wordpress has created them automatically. Does any one know how wordpress handles this issues or where are they stored so I can delete them? They are of no use for me. 9 of these redirects point to the same url with an added '/' and are in pages 1 is on a post. I've been changing the permalink and some urls several times and maybe one of these times the Wordpress has automatically created the 301 redirect. But why? I do not want to keep the old url. the last redirect is very strange it goes from http://www.mydomain.com/folder to http://www.mydomain.com where folder is the folder where I installed wordpress. But again, I want no one to type the url with the folder name or even know this folder exists. Any comment on this would be greatly appreciated. Thanks a lot, David
Technical SEO | | dballari0 -
Should I allow index of category / tag pages on Wordpress?
Quite simply, is it best to allow index of category / tag pages on a Wordpress blog or no index them? My thought is Google will / might see it as duplicate content? Thanks, K
Technical SEO | | SEOKeith0 -
SEO friendly way to move a wordpress installation
Hi Mozzers I am working with a client who currently has 2 wordpress installations on their site - one is in the root domain and one is in a subdirectory /hub which is where the majority of their content is. They want to move all of their content over from the /hub directory into the root installation. Any ideas of the most SEO friendly way to do this? Thanks for any suggestions.
Technical SEO | | beva0