Is Your WordPress Site Hacked? Check Your Plug-Ins.

Disclosure: This post may contain affiliate links, meaning we get a commission if you decide to make a purchase through our links, at no cost to you. Please read our disclosure for more info.

Last Updated on February 4, 2016 by Work In My Pajamas

I recently got an unwelcome email from my Google Search Console:

Google has detected that your site has been hacked by a third party who added hidden or cloaked content on some of your pages. This critical issue utilizes your site’s reputation to show potential visitors unexpected or harmful content on your site or in search results. It also lowers the quality of results for Google Search users. Therefore, we recommend you remove the hacked content from your site as soon as possible. If you remove the spam, our system will automatically reflect these changes as we update our index.

I already had a malware plug-in installed on that particular WordPress site, which obviously didn’t catch anything. So I tried Sucuri Security, which most forums recommend, but it didn’t catch anything either. So I took a deep look at the source code of the site. Indeed, there was a spammy link injected around the menu section (after the header) of the HTML. I went through every file in the theme editor looking to see if I could find the source to delete, with no luck.

I ended up disabling all WordPress plug-ins, and reactivating them one by one to see if one of them was the culprit. That did it! I decided to go check out some of my other sites, and four of them also had spammy links in them (some right before the menu, some right after the menu). These were the plug-ins on my sites that I had to deactivate and delete to get the spammy links to disappear.

  • Dagon Design Form Mailer (contact forms)
  • Feedsnap (outputs RSS)
  • Premise (landing pages)
  • Youtuber (embed videos)

I’m not accusing any of these plug-ins of being bad; I’m pointing fingers at myself for not keeping all of my plug-ins and WordPress installs up-to-date, as I presume my site was vulnerable at some time or another and that allowed hackers to inject their links within the plug-ins.

You may want to go check your source code for spammy links before Google finds them (they hadn’t caught my other three infected sites). And then make sure everything on your site is updated.
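One way to automate the source check described above, as an added example that is not the author's code: it lists every link in a saved page that points off your own domain and flags the ones hidden with inline CSS. The host names, the list of hiding styles and the sample markup are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Inline styles commonly used to hide a link from visitors (heuristic list).
HIDING = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])"
    r"|(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class LinkAuditor(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack = []     # (tag, hides_content) for each open element
        self.findings = []  # (href, "hidden" | "external")
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hides = "hidden" in a or bool(HIDING.search(a.get("style") or ""))
        if tag == "a" and a.get("href"):
            host = (urlparse(a["href"]).hostname or "").lower()
            own = host == self.site_host or host.endswith("." + self.site_host)
            if host and not own:  # relative links have no host and are skipped
                concealed = hides or any(h for _, h in self.stack)
                self.findings.append((a["href"], "hidden" if concealed else "external"))
        if tag not in VOID:
            self.stack.append((tag, hides))
    def handle_endtag(self, tag):
        names = [t for t, _ in self.stack]
        if tag in names:  # pop through the opener; tolerates unclosed <li>/<p>
            del self.stack[len(names) - 1 - names[::-1].index(tag):]

def audit(html, site_host):
    parser = LinkAuditor(site_host)
    parser.feed(html)
    return parser.findings

# Constructed sample: a hidden link injected between the header and the menu.
SAMPLE = """<header><h1>My Blog</h1></header>
<div style="position:absolute; left:-9999px"><a href="http://pills.example.net/buy">cheap pills</a></div>
<ul id="menu">
  <li><a href="/about">About</a>
  <li><a href="https://www.example.com/contact">Contact</a>
  <li><a href="https://twitter.com/example">Twitter</a>
</ul>"""

if __name__ == "__main__":
    for href, reason in audit(SAMPLE, "example.com"):
        print(f"{reason:8} {href}")
```

Feed it the HTML saved from your browser's View Source; every "hidden" hit, and any "external" link you do not recognise, deserves a closer look. Links hidden through a stylesheet class rather than an inline style only show up as "external", so review that list too.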

As soon as my contract is up with my current host, I am definitely switching to WPEngine, as they do automatic backups, updates and maintenance for you. Plus there are more reasons to love WPEngine.
