nth my WordPress blog was the victim of a spam injection attack. I am the art director for a highly rated graphic design and website design company. I have years of experience in website design and WordPress blog design, and I am security minded in my approach to web development, yet I was still a victim of clever hacking. It can happen to anyone, and it is happening at an increasingly alarming rate. The worst part about this experience was that not only was my WordPress blog attacked; my entire corporate website was removed from Google SERPs. We were ranked in the Google Top 10 for several coveted spots such as graphic design company, packaging design companies, brand identity company, and many more. Our site was completely out of Google search results for two weeks, in which time we lost countless leads. This experience absolutely sickened me! It also created way too many hours of work dedicated to repairing the hackers' damage and recovering our website's Google rankings. During my research into fixing the spam injection hackers' damage I discovered that this is a widespread problem with WordPress blogs. It's happening to thousands of people, and it is not limited to people using older versions of WordPress.

Recovering from a WordPress spam injection attack is not fun, but you can regain your Google search results after being hacked. If you've been compromised, hopefully you have your website and WordPress blog backed up. It can be a pretty tedious process to go through every file and folder on your server locating and deleting spam files. I recommend backing up your WordPress posts and completely removing all files and databases from your server. Then do a complete fresh upload of your website and a complete reinstall of WordPress.

If you have already been removed from Google search results then you will want to notify Google immediately of what has happened. The best policy with Google is to be specific in your explanations. You will need to make sure that you have removed all bad files from your server, then contact Google again explaining what actions you have taken to resolve the situation and submit your "request for reconsideration". In most cases where a valid site has been hacked, Google will restore the site's rankings within two weeks. However, don't expect any notifications from Google on the progress of reevaluating your website or WordPress blog. I am writing this article in the hope that it will help anyone avoid having to go through that process.

What should you look for if you suspect a WordPress Spam Injection Attack?

The first thing you should look for is spammy keywords showing up in the list of keywords in your Google Webmaster Tools. If you aren't using Google Webmaster Tools then you should definitely look into it. When your site starts showing up in weird-looking search results, which can also be seen in Google Webmaster Tools under the search results for your site, you need to act fast, because at this point Google will act fast to remove your site from the SERPs in order to protect others who may be at risk from visiting your website.

The key to detection is awareness. Be vigilant in monitoring your website and your website's stats. Spam injections are a clever, effective form of hacking and show no outward signs of infection. However, if you do a Google site search for spammy keywords such as "viagra", you will be able to see whether your site is referencing spam keywords. You will not be able to see the spam showing up on your site itself. In order to physically see the spam tags in your site you must go to the "cached" version of your web pages and view them in "text mode". If you've been infected you will now be able to see the spam keywords, usually appearing as a footer.

What does a Spam Injection Do?

Spam injection software hides spam keyword links in code that is usually encoded with a PHP function that effectively scrambles the HTML, to be decoded once it is safely embedded on your server, in your database, etc. You won't see these files decoded, but the Google bot and other bots will when crawling your site! Once the bots access the code, the spam injection software has done its work, effectively stealing your search index to improve their own PageRank.

These spam injection hacks are very hard to detect: the software is injected into your site, usually at the database level, via templates or plugins. This is part of the reason WordPress is such a target for these attacks. Plugins are what make WordPress so dynamic and cool, but they are an open doorway for spam injection software. For obvious reasons we should all focus our attention on prevention so that you don't have to deal with detection.

What can I do to prevent a WordPress Spam Injection Attack?

I'll start with the simplest things you can do to protect your WordPress blog or site from spam attacks...

First: Update WordPress

Updating WordPress is the easiest thing to do, so why not do it? I usually wait a short period of time after a new release to make sure the bug fixes have been worked out. Please be aware that simply updating WordPress is NOT enough!

Second: Pick a good password

Pick a good password. Don't use the same password on every site. If you're really diligent you can also change your password regularly.

Third: Change the admin user name

The default WordPress user name is "admin". This is just a guess, but I suspect that the majority of people never change this. Don't give any information away. Hackers are clever, but like burglars they would rather move on to the easy score. You can change your admin by creating a new user and then deleting the admin user. You'll be given the option to migrate posts to another user.

Fourth: Hide your WordPress Version Number

David Kierznowski of blogsecurity.net recently released a simple plugin to hide your WordPress installation's version number. The No Version plugin replaces the version number with blanks, so anyone doing a "view page source" in the browser on your site will not be able to see your WordPress version.

Fifth: Protect your plugins

Plugins are the easy gateway for hackers to access your blog. All WordPress files begin with wp- by default, so hackers can quickly discover which plugins you're using by going to /wp-content/plugins/, if you haven't renamed your database files. A quick remedy to block this is a blank index.html file in the wp-content/plugins/ folder.

More Complex Procedures:

First: Protecting your wp-config file

This file contains your database name, database username and database password. Obviously, you don't want anyone to have access to something this valuable. If you don't feel comfortable making changes to your config you may want to contact your hosting company for help; otherwise you can add the following code to your .htaccess file:

    # protect wp-config.php
    <files wp-config.php>
    order allow,deny
    deny from all
    </files>

Second: Change your database names

Note: do not attempt this unless you are comfortable with phpMyAdmin and making changes to MySQL. If you are not comfortable with this you should hire a professional to assist you.

Begin by backing up your database!

Many people have problems with the database table name prefix changing functionality of WP Security Scan. You can manually change your database names following the instructions below.

1. BACKUP your WordPress database to a .sql file; you can do this in phpMyAdmin.
2. Deactivate your plugins as a precaution before proceeding. You can reactivate them after you have finished.
3. Make a copy of the .sql file you created, then open the .sql file in a text editor and find and replace all wp_ prefixes with rename_.
4. Now drop all tables of your WordPress database, but DO NOT drop the database itself.
5. Import the .sql file that you have just edited into your WordPress database.
6. Finish by editing your wp-config.php file and change $table_prefix = 'wp_'; to $table_prefix = 'something_';

I hope that this article will help someone avoid the fallout associated with a spam injection hack.
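The section "What does a Spam Injection Do?" describes the injected code as a scrambled string that a PHP function decodes at run time. The following scanner is an added example, not code from the article or from any plugin it mentions: it walks theme and plugin files looking for that exact shape (eval(), assert() or create_function() wrapped directly around base64_decode(), gzinflate(), str_rot13() and similar) and for unusually long base64 blobs. The sample files, paths and encoded strings are constructed; the encoded strings decode to the word "placeholder" and to "foo" repeated.

```python
"""Flag PHP files that show the pattern the article describes: a payload
stored as a scrambled string and unpacked at run time (eval wrapped around
base64_decode, gzinflate, str_rot13 and friends).  Added example, not code
from the article; the sample files below are constructed."""
import os
import re
from typing import Dict, List

# Functions that unpack a scrambled payload and functions that execute the
# result.  A hit is reported only when an executor directly wraps a decoder,
# because base64_decode() on its own has many legitimate uses in plugins.
DECODERS = ("base64_decode", "gzinflate", "gzuncompress", "str_rot13", "strrev")
EXECUTORS = ("eval", "assert", "create_function")

EXEC_DECODE_RE = re.compile(
    r"\b(" + "|".join(EXECUTORS) + r")\s*\(\s*(" + "|".join(DECODERS) + r")\s*\(",
    re.IGNORECASE,
)
# A very long run of base64-alphabet characters inside a string literal is
# worth a look on its own, even when no eval() is visible next to it.
LONG_B64_RE = re.compile(r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]")


def scan_php(source: str) -> List[str]:
    """Return human-readable findings for one PHP source text."""
    findings = []
    for m in EXEC_DECODE_RE.finditer(source):
        line_no = source.count("\n", 0, m.start()) + 1
        findings.append(f"line {line_no}: {m.group(1)}() wraps {m.group(2)}()")
    for m in LONG_B64_RE.finditer(source):
        line_no = source.count("\n", 0, m.start()) + 1
        findings.append(f"line {line_no}: {len(m.group(0))}-char base64 blob")
    return findings


def scan_files(files: Dict[str, str]) -> Dict[str, List[str]]:
    """Scan a mapping of path -> contents and keep only files with findings."""
    report = {}
    for path, source in files.items():
        hits = scan_php(source)
        if hits:
            report[path] = hits
    return report


def scan_tree(root: str) -> Dict[str, List[str]]:
    """Walk a directory such as wp-content and scan every .php file in it."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    files[path] = fh.read()
    return scan_files(files)


# Constructed samples: a clean theme file, a plugin carrying a decoder stub
# (the string decodes to the word "placeholder"), and a stray file holding
# a long encoded blob ("foo" repeated, base64-encoded).
SAMPLE_FILES = {
    "wp-content/themes/mytheme/footer.php": "<?php\nwp_footer();\n?>\n</body></html>\n",
    "wp-content/plugins/gallery/gallery.php": (
        "<?php\n/* Plugin Name: Gallery */\n"
        "$k = 'cGxhY2Vob2xkZXI=';\n"
        "eval(gzinflate(base64_decode($k)));\n"
    ),
    "wp-content/uploads/cache.php": "<?php $p = '" + "Zm9v" * 60 + "'; echo base64_decode($p);\n",
}

if __name__ == "__main__":
    for path, hits in scan_files(SAMPLE_FILES).items():
        print(path)
        for hit in hits:
            print("   ", hit)
```

Run scan_tree("wp-content") on a copy of the site and compare the flagged files against a clean download of the same theme and plugin versions; a decoder call that does not exist in the original release is the file to examine.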
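The article points out that the injected links are invisible on the site itself and only show up in Google's cached text-mode copy, because the code reveals them to the Google bot rather than to visitors. The check below is an added example, not the article's code: it extracts the links from two copies of the same page and reports those that appear only in the copy served to a crawler. The two HTML documents are constructed; BROWSER_UA is a generic browser string and CRAWLER_UA is the desktop Googlebot User-Agent string that Google publishes. fetch_pair() shows how to obtain the two copies from a live site, but everything else runs offline.

```python
"""Compare the page a normal browser is served with the page a search
crawler is served, and list the links that only the crawler copy carries.
Added example, not code from the article.  The two HTML documents below are
constructed; BROWSER_UA is a generic browser string and CRAWLER_UA is the
desktop Googlebot User-Agent string Google publishes."""
from html.parser import HTMLParser
from typing import List, Set, Tuple
import urllib.request

BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"


class LinkCollector(HTMLParser):
    """Collect (href, anchor text) pairs from an HTML document."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def extract_links(html: str) -> Set[Tuple[str, str]]:
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return set(parser.links)


def crawler_only_links(visitor_html: str, crawler_html: str) -> Set[Tuple[str, str]]:
    """Links present in the crawler copy but absent from the visitor copy.
    A non-empty result is content served only to search bots and needs a
    manual look in the page source."""
    return extract_links(crawler_html) - extract_links(visitor_html)


def fetch_pair(url: str, timeout: float = 10.0) -> Tuple[str, str]:
    """Fetch the same URL with both User-Agents (needs network; not used offline)."""
    pages = []
    for ua in (BROWSER_UA, CRAWLER_UA):
        req = urllib.request.Request(url, headers={"User-Agent": ua})
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            pages.append(resp.read().decode("utf-8", errors="replace"))
    return pages[0], pages[1]


# Constructed pages: identical except that the crawler copy carries a hidden
# block of links just above the footer, the "footer" the article mentions.
VISITOR_HTML = """<html><body>
<h1>Studio</h1><p>See our <a href="/portfolio">portfolio</a>.</p>
<div id="footer"><a href="/contact">Contact us</a></div>
</body></html>"""
CRAWLER_HTML = VISITOR_HTML.replace(
    '<div id="footer">',
    '<div style="display:none"><a href="http://example.com/x1">sample spam anchor 1</a> '
    '<a href="http://example.com/x2">sample spam anchor 2</a></div><div id="footer">',
)

if __name__ == "__main__":
    for href, text in sorted(crawler_only_links(VISITOR_HTML, CRAWLER_HTML)):
        print(f"crawler-only link: {text!r} -> {href}")
```

Because the hidden block is emitted by server-side code, a browser's "view source" from your own machine never shows it; the comparison only works when one of the two requests identifies itself as a crawler, which is what fetch_pair() does.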
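Steps 3 and 6 of "Change your database names" rename the wp_ prefix by a blind find-and-replace across the whole .sql file. The script below is an added example, not the article's code or WP Security Scan's: it performs the same rename but only on table names and on the option and user-meta keys that WordPress itself stores under the prefix (wp_user_roles, wp_capabilities, wp_user_level and so on), so a post body that happens to contain "wp_" is left untouched, and it rewrites the $table_prefix line for step 6. It assumes a mysqldump/phpMyAdmin-style dump with backticked table names; the dump fragment is constructed.

```python
"""Change the table prefix in a WordPress SQL dump the way the article's
manual procedure does, but touching only table names and the option/meta
keys that WordPress itself prefixes, so post content that happens to contain
"wp_" is left alone.  Added example, not the article's code; it assumes a
mysqldump/phpMyAdmin-style dump with backticked table names, and the dump
below is a constructed fragment."""
import re

# Statements in which the backticked identifier is a table name.
TABLE_STMT_RE = re.compile(
    r"^(\s*(?:DROP TABLE IF EXISTS|CREATE TABLE|INSERT INTO|LOCK TABLES|ALTER TABLE)\s+`)"
    r"([A-Za-z0-9_]+)(`)",
    re.IGNORECASE | re.MULTILINE,
)
# Values WordPress stores under "<prefix>" + key: the roles option in
# wp_options and per-user keys in wp_usermeta.  Extend this tuple if your
# dump has other prefix-keyed rows; a prefix change that misses them leaves
# every user without capabilities after the import.
PREFIXED_KEYS = (
    "user_roles",
    "capabilities",
    "user_level",
    "user-settings",
    "user-settings-time",
    "dashboard_quick_press_last_post_id",
)
CONFIG_RE = re.compile(r"(\$table_prefix\s*=\s*['\"])([^'\"]*)(['\"]\s*;)")


def rename_prefix(dump: str, old: str, new: str) -> str:
    """Return the dump with table names and prefix-keyed values renamed."""

    def table_sub(m: re.Match) -> str:
        name = m.group(2)
        if name.startswith(old):
            name = new + name[len(old):]
        return m.group(1) + name + m.group(3)

    out = TABLE_STMT_RE.sub(table_sub, dump)
    for key in PREFIXED_KEYS:
        out = out.replace(f"'{old}{key}'", f"'{new}{key}'")
    return out


def update_wp_config(config: str, new: str) -> str:
    """Rewrite the $table_prefix line of wp-config.php (step 6 in the article)."""
    return CONFIG_RE.sub(lambda m: m.group(1) + new + m.group(3), config, count=1)


# Constructed dump fragment: options, usermeta and a post whose body mentions
# the wp_footer() hook, which must survive the rename unchanged.
SAMPLE_DUMP = """DROP TABLE IF EXISTS `wp_options`;
CREATE TABLE `wp_options` (`option_id` bigint(20), `option_name` varchar(191), `option_value` longtext);
INSERT INTO `wp_options` VALUES (1,'siteurl','http://example.com'),(2,'wp_user_roles','a:0:{}');
CREATE TABLE `wp_usermeta` (`umeta_id` bigint(20), `user_id` bigint(20), `meta_key` varchar(255), `meta_value` longtext);
INSERT INTO `wp_usermeta` VALUES (1,1,'wp_capabilities','a:1:{s:13:"administrator";b:1;}'),(2,1,'wp_user_level','10');
CREATE TABLE `wp_posts` (`ID` bigint(20), `post_content` longtext);
INSERT INTO `wp_posts` VALUES (1,'Call the wp_footer() hook in your theme.');
"""

if __name__ == "__main__":
    print(rename_prefix(SAMPLE_DUMP, "wp_", "rename_"))
    print(update_wp_config("$table_prefix = 'wp_';", "rename_"))
```

Run it on the copy of the backup made in step 3, import the result in step 5, and apply update_wp_config() to wp-config.php with the same new prefix; if the prefixes in the dump and in wp-config.php disagree, WordPress will see an empty database and offer to install itself from scratch.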