WordPress - how to find and remove a spam link on a site?
· Время на чтение: 12мин · - · Опубликовано · ОбновленоHow to find and remove a spam link on a website? If one of your website visitors reports seeing spam links on your website, there is a good chance that your website is infected with a link spam hack. Some typical symptoms of spam link injection in WordPress:
- Spam links on your site, usually from illegal or gray market products;
- New pages that you didn't create;
- Weird meta descriptions when your site appears in search.
This is a common hack on your website to redirect traffic and improve the SEO of spam sites. Don't worry, all is not lost. I will help you get rid of spam link hacks in WordPress and return your site to its former glory. This article is a step-by-step guide to finding and removing spam links on your site.
The content of the article:
- What is link spamming in WordPress?
- What are the symptoms of hacking by injecting spam links?
- How to scan a hack to inject spam links?
- How can I check if my website has a link spamming hack?
- How to remove spam link in WordPress?
- How to prevent a spam link attack in WordPress?
- What is the impact of a spammy link injection attack?
- Conclusion
What is link spamming in WordPress?
Embedding Spam Links in WordPress is a type of hack that your good website uses to create backlinks to spam sites. Often these websites are for articles or services that are gray or illegal.
Essentially, the hacker inserts spam links from your web pages into their spam site. You can find these links in posts or even cleverly hidden in page titles. Alternatively, they could create entire web pages on your domain that redirect to their websites.
Another, more insidious form of spam link hacking is in your database. This infection is particularly difficult to tolerate and requires considerable development experience to successfully remove it. In this article, I will show you how to diagnose spam link hacking on your WordPress website and how to remove spam links from WordPress.
What are the symptoms of hacking by injecting spam links?
The problem with this and most other hacks is that the website owner is usually the last to know about it. Understandably, hackers and their illegal activities thrive the most when they remain undetected for as long as possible.
Thus, if you suspect that you have been hacked by injecting spam links, you can find out about it in one of the following ways:
Spam links on your site
Spam links and pages are usually hidden from website administrators by cunning hackers to avoid detection and deletion. So chances are that the visitor has noticed strange, off-topic links on your site and brought them to your attention.
In my opinion, this is the worst way to find out, given that this visitor came to your site for legitimate reasons.
Embedding a URL in Google Search Console
If you are logged into Google Search Console for any reason and encounter an unexpected warning. Spam link hacking shows up as "URL injection" in the search console, and Google helpfully lists some examples of spam URLs in your domain.
Try opening one of the sample URLs from the list. Even if the page is ostensibly on your domain, it will be redirected to a spam site without the page fully loading.
The web host has blocked your account
There are several reasons why a web host might suspend your account and website. Good web hosts will usually also send an email with suspension details.
Hacks are just one of the reasons, although the most serious. Web hosts take hacked websites very seriously, as having a hacked website on their server causes them great grief.
How to scan a hack to inject spam links?
If you suspect a hack or are warned about the possibility of a hack, you can confirm if your website has been hacked by scanning it.
This is the fastest way to determine if your site has a link spamming hack. Scan your website right now to understand the extent of the hack. Then proceed to use the cleaner to remove malware with one click.
The scanning and removal process takes place on plugin servers, so your server resources are not used. This is a significant benefit as hacked websites tend to consume a lot of resources right from the start and this can also cause issues with your web host. You do not need additional efforts at this crucial moment.
How can I check if my website has a link spamming hack?
Some security plugins are notorious for false positives when scanning. You might want to re-confirm that your website does indeed have a hack to inject spammy links. Here are ways you can check:
Google and your site
When your website appears in the SERPs, you can expect to see the metadata that you have configured. However, a hacked website will often display gibberish in the meta description, or you'll see unrelated pages you didn't create in search results.
The site is blacklisted by Google and Yandex
By clicking on a search result, you may see a Google blacklist warning. This is when Google detects that your website has been hacked, although it doesn't specify what type of hack happened. A similar notification can also be found in the Yandex.webmaster webmaster panel in the security and violations section.
Alternatively, if your website has not yet progressed to this stage, you may see a "This site may be hacked" warning in the search results themselves.
Use an incognito browser to visit your website
Hackers can cleverly insert malware so that it is not detected by logged-in users with administrative rights. Use an incognito browser or another computer to visit your website. Make sure you are not logged in. If you see pop-ups and spam links on your website, know that you have been hacked. Similarly, you can find web pages that you didn't create.
Check your website code for anomalies
This is a slightly more advanced method of checking for hacking. Go to the post or page and use the Inspect Element in your browser. There can be code in the header section that contains links in an open or obfuscated way. You can see spam URLs legible.
Check Google Analytics for malicious keywords and queries
Your traffic should come from relevant keywords. If you see yourself getting traffic for keywords like "buy vagina balls online" or "cheap Prada bags" or spammy keywords, then you can be sure your website has been hacked.
All this can seem intimidating and unsettling. However, don't worry! Khakis are easy to clean with the right tools. The main thing is to stay calm and read on.
How to remove spam link in wordpress when (website is hacked)?
There are 2 ways to remove a spam link from your WordPress site:
- Use a security plugin to clean up the infection;
- Delete infected files manually.
As you can imagine, I strongly recommend that you use a security plugin to remove spam links from WordPress. I will also describe the steps for manual cleanup, however please note that this should only be done if you are very familiar with WordPress files and its database and can navigate the code with confidence.
1. Use a security plugin to clear the infection instantly (RECOMMENDED)
When your site is hacked, time is of the essence. Install the All In One WP Security, Wordfence Security or MalCare security plugin to instantly remove the spam link hack.
This is the easiest and most effective way to keep your website free from hacks. A good security plugin will not only detect malware but also surgically remove it without affecting your site's core files. This way the files you need stay in place and function.
Note. Not all security plugins can do this. Automatic cleaning is a feature based on the intelligent malware detection system. The real benefit of the security plug-in is that it ensures that you avoid re-infection. I will cover this in the next section.
2. Remove hacked spam link manually
Of course, malware can be removed manually, but this has several drawbacks. Before I walk you through the steps to rid your website of being hacked, I want to quickly point out the dangers of manual malware removal.
- Carefully disguised malwareA: Hacks are most successful when they go undetected for as long as possible. Therefore, malware is usually carefully hidden in files and folders and is not immediately detected.
- There may be backdoors: Hackers will leave funds to restore access to your website if the current hack is removed. These backdoors are very well hidden and you will see your site get hacked repeatedly because of them.
- You must eliminate the root cause of malware: why was your site hacked in the first place? Was it a vulnerability, or perhaps a compromised password? If this cause is not eliminated, re-infections will occur.
- You may inadvertently remove legitimate code: The chances of this happening are relatively low, but if your website has multiple plugins, it can sometimes be hard to tell real code from malware. Removing good code will break your site.
Okay, now that we've removed the warnings, let's take a look at how to manually remove malware from your site.
1. Back up your site
Before doing anything else, take a backup of your WordPress site. Even though it is currently infected, it still works. That way, even if you make a mistake and make your code unusable, you can at least get it back to that working stage.
A backup would be helpful because a hacked website can be fixed by experts, but websites with missing key files are very difficult to resurrect and will cost you a lot more.
2. Thoroughly check the site for unusual files
Log in to your FTP client and take a close look at the list of files and folders. Are there any files (often PHP files) that shouldn't be there? They may look harmless, but their discovery may provide some clues.
Hacks are often written in unreadable or gibberish code. This is confusing code and hard to understand. Since you have a backup, you can afford to remove these pointless features to remove the malware.
Additionally check your posts and pages in the wp-content folder. Spam link codes are usually hidden in the header section of these pages and encoded in such a way that they are invisible on your website, for example:
<div style="”position:" absolute; top: -132px; overflow: auto; width:1259px;”div>
If your site is large, this step can take a long time. However, make sure you look carefully for these malicious code snippets, because leaving anything behind can lead to re-infection.
3. Flush the site's cache
Once you have removed all malicious code, clear the WordPress cache so that the cleaned files load correctly.
4. Reinstall WordPress
Download a new version of the same version of WordPress currently installed from the repository. You can replace everything on your website except for the wp-config file (which contains information about your database) and the wp-content folder (which contains information about your plugin and theme).
Replacing your WordPress installation will mean that you eliminate the possibility of malware in your core files.
5. Reinstall your themes and plugins
Assuming you are using legitimate versions of your themes and plugins and have downloaded them from safe sources, you can assume that a vulnerability in one of them will be fixed with an update.
It's worth spending a little time researching the news to check if any of the plugins you have installed have recently been hacked. Ideally, reputable developers will release the security patch as an update. If it is not, choose an alternative that is actively supported. This will serve you well in the long run.
6. Clean up your website database
Unfortunately, infected files in the database are very difficult to remove because you have to look for PHP functions and spam links contained in tables and data. While spammy links can be easy to spot, PHP functions can be snippets of required code.
If you decide to go this route, download the database and look for features like eval, gzinflate, shell_exec and base64_decode.
Alternatively, if you back up your website regularly (as you should), you can use a database from a previous version that you are absolutely sure is free of malware. Obviously this method is not foolproof and you can just remove a lot of the changes and updates you've made since then and still have to deal with malicious code.
How to prevent a spam link attack in WordPress?
Your WordPress website has been hacked because at least one of your passwords has been compromised or compromised. Now that you've eliminated spam link hacking one way or another, you need to take steps to ensure it doesn't happen again.
- Update everything: including WordPress, themes and plugins. I keep repeating this tip because it is really very important for the security of your site. Newer versions contain security fixes that fix vulnerabilities in older versions.
- Get rid of zero value softwareA: Free software can have a titanic cost in the long run. It's not worth the initial benefit of not having to pay for the plugin. Later, when vulnerabilities are found in it, the costs of the attacks far outweigh any amount you could save by installing them.
- Checking for backdoors: The backdoor allows a hacker to regain access to your cleaned site, especially if you manually removed the malware. Finding and removing backdoors effectively requires knowledge of security, as they are usually quite well hidden. Hackers may also have created administrator accounts, so it's worth reviewing authorized accounts to confirm if they belong to users.
- Change all passwordsA: Ideally, you should use different passwords on different websites. After cleaning your site, change all access passwords. Also, change the database password. This creates an additional barrier to re-hacking. Also, if your password has been compromised, changing it will effectively close the security loophole that allowed the hack to take place.
Many people had security scanners and plugins installed, but they got hacked anyway. It's important to remember that security plugins not on the 100% are hack-proof, so most plugins also have a manual cleanup service.
The advantage of having a security plugin is that it will protect your site pretty well, neutralizing most attacks. For those who get through, the causes are usually vulnerable plugins and/or compromised passwords.
What is the impact of a spammy link injection attack?
A hacked site is a nightmare for the site owner. Not only will your website suffer, but your visitors may also be compromised. A website requires SEO and therefore a financial hit, especially if you have an online store or make money from your website.
You have spent resources to make your site what it is. All this can be erased very quickly with a hack. It is extremely important to act quickly when your site is hacked because the damage increases exponentially over time.
Conclusion
I hope this article helped you remove WordPress spam links from your website. Removing a hack is just one of the pillars of website security. It's worth spending some time developing a strategy to protect your website from future incidents.
Reading this article:
- WordPress Theme Hacked? Cleaning up an infected topic
- WordPress redirect hack? How to clean up a website?
Thanks for reading: SEO HELPER | NICOLA.TOP