How to Detect and Prevent a WordPress Spam Injection Attack

Last month my WordPress blog was the victim of a spam injection attack. I am the art director for a highly rated graphic design and website design company. I have years of experience in website design and WordPress blog design, and I am security minded in my approach to web development – I was still a victim of clever hacking. It can happen to anyone, and it is happening at an increasingly alarming rate. The worst part about this experience was that not only my WordPress blog was attacked – my entire corporate website was removed from Google SERPS. We were ranked in the Google Top 10 for several coveted spots such as graphic design company, packaging design companies, brand identity company, and many more. Our site was completely out of Google search results for two weeks, in which time we lost countless leads. This experience absolutely sickened me! It also created way too many hours of work dedicated to repairing the hackers’ damage and recovering our website’s Google rankings. During my research into fixing the spam injection hackers’ damage I discovered that this is a widespread problem with WordPress blogs. It’s happening to thousands of people, and it is not limited to people using older versions of WordPress.

Recovering from a WordPress Spam Injection attack is not fun, but you can regain your Google Website Rankings after being hacked by a spam injection attack. If you’ve been compromised, hopefully you have your website and WordPress blog backed up. It can be a pretty tedious process to go through every file and folder on your server locating and deleting spam files. I recommend backing up your WordPress posts and completely removing all files and databases from your server. Then do a complete fresh upload of your website and a complete reinstall of WordPress.

If you have already been removed from Google search results, then you will want to notify Google immediately of what has happened. The best policy with Google is to be specific in your explanations. You will need to make sure that you have removed all bad files from your server, then contact Google again explaining what actions you have taken to resolve the situation and submit your “request for reconsideration”. In most cases where a valid site has been hacked, Google will restore the site’s rankings within two weeks. However, don’t expect any notifications from Google on the progress of re-evaluating your website or WordPress blog. I am writing this article in the hope that it will help someone avoid having to go through that process.

What should you look for if you suspect a WordPress Spam Injection Attack?

The first thing you should look for is a list of spammy keywords showing up in your list of keywords located in your Google Webmasters Tools. If you aren’t using Google Webmaster Tools then you should definitely look into this. When your site starts showing up in weird looking search results, which can also be seen in Google Webmaster Tools under search results for your site, you need to act fast because at this point Google will act fast to remove your site from SERPS in order to protect others who may be at risk from visiting your website.

The key to detection is awareness. Be vigilant in monitoring your website and your website’s stats. Spam injections are a clever, effective form of hacking and show no outward signs of infection. However, if you do a Google site search for spammy keywords like “viagra”, you will be able to see whether your site is being indexed for spam keywords. The spam will not be visible when you view your site normally. In order to physically see the spam tags on your site you must go to the “cached” version of your web pages and view them in “text mode”. If you’ve been infected you will now be able to see spam keywords, usually appearing as a footer.
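The cached-text check above works because the injected links are served only to crawlers. The same comparison can be automated: capture the page once as an ordinary visitor and once as a crawler (or take Google's cached copy), then list the anchors that appear only in the crawler copy. The script below is an added example, not code from the original article; both HTML captures are constructed sample data and the spam term list is an assumption you should extend with the odd keywords Webmaster Tools reported for your site.

```python
"""Detect cloaked spam links by diffing the anchors in two captures of one page.

Added example; the captures and the spam term list are constructed/assumed.
"""
from html.parser import HTMLParser
from typing import List, Optional, Tuple

Link = Tuple[str, str]  # (href, visible anchor text)


class _LinkCollector(HTMLParser):
    """Collects every <a href> together with its visible anchor text."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Link] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())  # collapse whitespace
            self.links.append((self._href, text))
            self._href = None


def extract_links(html: str) -> List[Link]:
    parser = _LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.links


# Constructed list; extend it with the keywords Webmaster Tools shows for your site.
SPAM_TERMS = ("viagra", "cialis", "pharmacy", "payday", "casino", "loan")


def cloaked_links(visitor_html: str, crawler_html: str) -> List[Link]:
    """Anchors served to the crawler that the visitor copy does not contain."""
    visible = set(extract_links(visitor_html))
    return [link for link in extract_links(crawler_html) if link not in visible]


def looks_spammy(link: Link) -> bool:
    href, text = link
    blob = f"{href} {text}".lower()
    return any(term in blob for term in SPAM_TERMS)


def report(visitor_html: str, crawler_html: str) -> List[Link]:
    """Cloaked links that also match a spam term: the ones worth acting on."""
    return [link for link in cloaked_links(visitor_html, crawler_html) if looks_spammy(link)]


# Constructed captures of one page: what a browser got vs. what a crawler got.
VISITOR_HTML = """<html><body>
<h1>Our Design Studio</h1>
<a href="/portfolio">Portfolio</a> <a href="/contact">Contact us</a>
</body></html>"""

CRAWLER_HTML = VISITOR_HTML.replace(
    "</body>",
    '<div style="display:none">'
    '<a href="http://example.invalid/pills">cheap viagra online</a> '
    '<a href="http://example.invalid/cash">payday loans</a>'
    "</div></body>",
)

if __name__ == "__main__":
    for href, text in report(VISITOR_HTML, CRAWLER_HTML):
        print(f"cloaked spam link: {text!r} -> {href}")
```

An empty result from `cloaked_links` only means the two captures agree; injections that key on a different User-Agent, referrer or IP range will not show up unless the crawler capture reproduces that condition, so Google's own cached copy is the more reliable second input.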

What does a Spam Injection Do?

Spam injection software hides spam keyword links in code that is usually obfuscated with a PHP encoding function, so the HTML sits scrambled on disk and is only decoded at run time once it is safely embedded in your server, database, etc. You won’t see these files decoded, but the Google bot and other bots will when crawling your site! Once the bots access the code, the spam injection software has done its work, effectively hijacking your search index to improve the spammer’s own PageRank.

These spam injections are very hard to detect; they are inserted into your site, usually at the database level, via templates or plugins. This is part of the reason WordPress is such a target for these attacks. Plugins are what make WordPress so dynamic and cool, but they are an open doorway for spam injection software. For obvious reasons we should all focus our attention on prevention so that you don’t have to deal with detection.
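The habits described above (payload stored encoded, decoded only when PHP runs, shown only to crawlers) leave fingerprints in the source that a scan over wp-content will surface: an eval of a decoded string, long base64 literals, and a User-Agent check for Googlebot. The scanner below is an added example, not code from the original article or from WordPress; the directory tree it builds is a constructed sample, the pattern list is an assumption, and a hit is a lead to inspect by hand, not proof of compromise on its own.

```python
"""Scan a WordPress tree for obfuscation and crawler-cloaking patterns.

Added example; the sample tree is constructed and the pattern list is assumed.
"""
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# (label, regex) pairs tuned for leads, so expect some false positives.
SUSPICIOUS = [
    ("eval()", re.compile(r"\beval\s*\(", re.I)),
    ("base64_decode()", re.compile(r"\bbase64_decode\s*\(", re.I)),
    ("gzinflate()/gzuncompress()", re.compile(r"\bgz(?:inflate|uncompress)\s*\(", re.I)),
    ("str_rot13()", re.compile(r"\bstr_rot13\s*\(", re.I)),
    ("long base64 literal", re.compile(r"['\"][A-Za-z0-9+/=]{60,}['\"]")),
    # A branch on the crawler's User-Agent is the cloaking behaviour itself.
    ("crawler User-Agent check", re.compile(r"HTTP_USER_AGENT[^;]*?(?:googlebot|bingbot|slurp)", re.I)),
]


def scan_source(text: str) -> List[str]:
    """Labels of every suspicious pattern found in one PHP source string."""
    return [label for label, rx in SUSPICIOUS if rx.search(text)]


def scan_tree(root: str) -> Dict[str, List[str]]:
    """Relative path -> findings, for each .php file with at least one hit."""
    hits: Dict[str, List[str]] = {}
    base = Path(root)
    for path in sorted(base.rglob("*.php")):
        findings = scan_source(path.read_text(errors="replace"))
        if findings:
            hits[path.relative_to(base).as_posix()] = findings
    return hits


def build_sample_tree() -> str:
    """Write a constructed mini wp-content tree to a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="wp-scan-demo-")
    clean = "<?php\nfunction gp_register() { add_action('init', 'gp_init'); }\n"
    # Constructed injected footer: branches on the crawler UA and runs a decoded
    # blob. The base64 decodes to: echo 'x';  The long literal is filler.
    injected = (
        "<?php\n"
        "if (stripos($_SERVER['HTTP_USER_AGENT'], 'googlebot') !== false) {\n"
        "    eval(base64_decode('ZWNobyAneCc7'));\n"
        "    $blob = '" + "QUJDREVG" * 10 + "';\n"
        "}\n"
    )
    files = {
        "wp-content/plugins/good-plugin/good-plugin.php": clean,
        "wp-content/themes/site-theme/footer.php": injected,
    }
    for rel, body in files.items():
        full = Path(root, rel)
        full.parent.mkdir(parents=True, exist_ok=True)
        full.write_text(body)
    return root


if __name__ == "__main__":
    for rel, findings in scan_tree(build_sample_tree()).items():
        print(f"{rel}: {', '.join(findings)}")
```

Point `scan_tree` at a real wp-content directory to use it; because the injection usually lives at the database level as well, repeat the same pattern search over a SQL dump of wp_options and wp_posts, which is where encoded blobs left by a compromised plugin tend to sit.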

What can I do to prevent a WordPress Spam Injection Attack?

I’ll start with the simplest things you can do to protect your WordPress blog or site from spam attacks.

First: Update WordPress
Updating WordPress is the easiest thing to do, so why not do it? I usually wait a short period of time after a new release to make sure the bug fixes have been worked out. Please be aware that simply updating WordPress is NOT enough!

Second: Pick a good password
Pick a good password. Don’t use the same password on every site. If you’re really diligent you can also change your password regularly.

Third: Change the admin user name
The default WordPress user name is “admin”. This is just a guess, but I suspect that the majority of people never change this. Don’t give any information away. Hackers are clever, but like burglars they would rather move on to the easy score. You can change your admin by creating a new user and then deleting the admin user. You’ll be given the option to migrate posts to another user.

Fourth: Hide your WordPress Version Number

David Kierznowski recently released a simple plugin to hide your WordPress installation’s version number. The no version plugin simply replaces the version number with blanks, so anyone doing a “view page source” from the browser on your site will not be able to see your WordPress version.

Fifth: Protect your plugins
Plugins are the easy gateway for hackers to access your blog. All WordPress files begin with “wp-” by default, so hackers can quickly discover which plugins you’re using by going to /wp-content/plugins/ if you haven’t renamed your database files. A quick remedy is to place a blank index.html file in the wp-content/plugins/ folder so the directory listing is not shown.

More Complex Procedures:

First: Protecting your WP-Config file.
This file contains your database name, database username and database password. Obviously, you don’t want anyone to have access to something this valuable. If you don’t feel comfortable making changes to your config you may want to contact your hosting company for help otherwise you can add the following code to your .htaccess file:

Apache .htaccess:

    # protect wp-config.php
    # The <files> wrapper limits the rule to this one file; without it the
    # deny would apply to every file served from this directory.
    <files wp-config.php>
    order allow,deny
    deny from all
    </files>

On Apache 2.4 the `order`/`deny` directives only work if mod_access_compat is loaded; the native equivalent is `Require all denied` inside the same `<files>` block. After saving, request wp-config.php in a browser and confirm you get a 403 Forbidden.

Second: Change your database names

Note: do not attempt this unless you are comfortable with PHPMyAdmin and making changes to MySQL. If you are not comfortable with this you should hire a professional to assist you.

Begin by backing up your database!

Many people have problems with the database table name prefix changing functionality of WP Security Scan. You can manually change your database names following the instructions below.

1. BACK UP your WordPress database to an .sql file – you can do this in phpMyAdmin.
2. Deactivate your plugins as a precaution before proceeding. You can reactivate them after you have finished.
3. Make a copy of the .sql file you created, then open the copy in a text editor and find and replace every “wp_” prefix with “rename_”.
4. Now drop all tables of your WordPress database, but DO NOT drop the database itself.
5. Import the edited .sql file into your WordPress database.
6. Finish by editing your wp-config.php file and changing $table_prefix = ‘wp_’; to $table_prefix = ‘rename_’; (the prefix you chose in step 3).
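A blind find-and-replace of “wp_” in step 3 also rewrites post bodies (any article that mentions wp_head() or the prefix itself) and anything else that happens to contain those three characters, while a rename that misses the option and usermeta keys WordPress stores with the prefix baked in (wp_user_roles, wp_capabilities, wp_user_level) locks every user out after the import. The helper below is an added example, not the article’s or WordPress’s own tooling: it restricts the rename to backtick-quoted table names and those three keys, and includes the check for leftover identifiers a practitioner would run before importing. The dump it operates on is a constructed fragment in mysqldump’s layout.

```python
"""Rename the WordPress table prefix in a SQL dump only where WordPress uses it.

Added example; SAMPLE_DUMP is a constructed fragment in mysqldump's layout.
"""
import re
from typing import List

# Option / usermeta keys that WordPress prefixes with the table prefix.
PREFIXED_KEYS = ("user_roles", "capabilities", "user_level")


def rename_prefix(sql: str, old: str, new: str) -> str:
    """Replace `old` with `new` in backtick identifiers and in the prefixed keys only."""
    ident = re.compile(r"`" + re.escape(old) + r"(\w+)`")
    keys = re.compile(r"'" + re.escape(old) + r"(" + "|".join(PREFIXED_KEYS) + r")'")
    sql = ident.sub(lambda m: f"`{new}{m.group(1)}`", sql)
    sql = keys.sub(lambda m: f"'{new}{m.group(1)}'", sql)
    return sql


def leftover_identifiers(sql: str, old: str) -> List[str]:
    """Backtick identifiers still starting with `old`; must be empty before you import."""
    return sorted(set(re.findall(r"`(" + re.escape(old) + r"\w+)`", sql)))


def config_line(new: str) -> str:
    """The wp-config.php line that must match the renamed tables (step 6)."""
    return f"$table_prefix = '{new}';"


# Constructed dump fragment: note the post body that mentions wp_head() and
# the default prefix, which a blind replace would corrupt.
SAMPLE_DUMP = """DROP TABLE IF EXISTS `wp_posts`;
CREATE TABLE `wp_posts` (`ID` bigint(20) NOT NULL, `post_content` longtext);
INSERT INTO `wp_posts` VALUES (1,'Call wp_head() in your theme; the default prefix is wp_.');
INSERT INTO `wp_options` VALUES (95,'wp_user_roles','a:0:{}','yes');
INSERT INTO `wp_usermeta` VALUES (10,1,'wp_capabilities','a:0:{}');
"""

if __name__ == "__main__":
    renamed = rename_prefix(SAMPLE_DUMP, "wp_", "rename_")
    print(renamed)
    print("leftover:", leftover_identifiers(renamed, "wp_"))
    print(config_line("rename_"))
```

Dumps that quote nothing (some export tools) need the identifier pattern adjusted, and plugins that store their own prefixed keys in wp_options must be added to `PREFIXED_KEYS`; grep the dump for the old prefix after the rename and judge each remaining hit before importing.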

I hope that this article will help someone avoid the fallout associated with a spam injection hack. I love the functionality of WordPress, but unfortunately, this experience has left me so cautious that my company no longer uses a WordPress Blog along with our corporate website. Maybe someday.
