Recovering from a WordPress Spam Injection

I should have been relaxing and working on an inspirational side project, but instead spent much of Thanksgiving weekend trying to eliminate a senseless spam injection on a WordPress (wp) site.

I was frustrated, to say the least, by how difficult it was to find a solution. There were many months-old unanswered pleas on the wp forums.

I cannot figure out the hackers’ revenue model. Repeatedly over the course of two weeks, my husband’s site became unreliable to access. The symptoms were varied, including:

  1. The site never loads
  2. Loading stalls and then redirects to virus scanner software
  3. The site is redirected to a Harry Potter-related website
  4. The site takes a long time to load and the source code shows approximately 30 links to enhancement-related drugs or movies. Each time the links are to a new single site, where the drug or movie is a variable at the end of the URL. The inserted code has a style of display:none; so it’s not visible to the naked eye. Nevertheless, it is available to search bots.

For the first few days, the injection would take place in the form of #4 (invisible links) at the same time of day. Replacing the theme’s header.php erased the problematic code, returning the site to normal for the day. (I read of other situations where the injection is in the footer.) The FTP logs showed that the /wp-content/themes/mytheme/header.php file was changed.
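A check for symptom #4, as an added example that is not code from the original post: it parses a theme file and reports any external host that receives many links from inside an element styled display:none. The host spam.example, the min_links threshold and the sample header are constructed assumptions.

```python
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

HIDDEN = re.compile(r"display\s*:\s*none", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "wbr"}

class HiddenLinkFinder(HTMLParser):
    """Collect hrefs of <a> tags that sit inside an element styled display:none."""
    def __init__(self):
        super().__init__()
        self.stack = []         # (tag, hidden) for each open element
        self.hidden_hrefs = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        inherited = bool(self.stack) and self.stack[-1][1]
        hidden = inherited or bool(HIDDEN.search(attrs.get("style") or ""))
        if tag == "a" and hidden and attrs.get("href"):
            self.hidden_hrefs.append(attrs["href"])
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Theme fragments are often unbalanced: unwind to the nearest matching open tag.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_link_spam(source, min_links=5):
    """Return [(host, count)] for external hosts with >= min_links hidden links."""
    finder = HiddenLinkFinder()
    finder.feed(source)
    hosts = Counter(urlsplit(h).netloc.lower() for h in finder.hidden_hrefs)
    return [(h, n) for h, n in hosts.most_common() if h and n >= min_links]

# Constructed sample: a theme header with one legitimate hidden menu and an injected block.
SAMPLE_HEADER = (
    '<html><head><title><?php wp_title(); ?></title></head><body>\n'
    '<div id="menu" style="display:none"><a href="/about">About</a></div>\n'
    '<div style="display:none;">\n'
    + "".join(f'<a href="http://spam.example/buy/item{i}">item {i}</a>\n' for i in range(30))
    + '</div>\n<div id="header"><a href="/">Home</a>\n'
)

if __name__ == "__main__":
    print(find_hidden_link_spam(SAMPLE_HEADER))
```

Relative links inside a hidden element, such as a collapsed menu, have no host and are ignored, so only bulk links to an outside site are reported.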