Tech Tuesday: WordPress Spam Hacks

As I worked my way through reading a few genealogy blogs, I found one that had a lot of text at the very top, about payday loans and small cash loans. It was clearly not intended to be there. If you use WordPress for your blogging platform, here are a few things to help out on watching for and dealing with a spam hack.

When a WordPress blog is hacked in the way I saw, the text is placed at the start of the content (after the <body> tag in the HTML), and is given a layout style that tells it to be not displayed. This means humans will not see it there, but search engines (such as Google and Bing) will see the text, and will believe you placed those links to fake payday loan sites.

Finding Spam Links

Manual Check

If the links are hidden, how can you see if they’re on your blog? The easiest method is to view the page’s source. Most web browsers have Ctrl+U as a shortcut to viewing the page’s source.

The source may look like complex gibberish to anyone who is unfamiliar with HTML (the markup language used for web sites), but browsing through the top of the page, it should be clear when you start seeing spam text and links.

Some web browsers allow you to turn off the layout, which will also turn off the style that hides the spam text. In the Opera web browser, this is done under the View menu, Style sub-menu, and selecting User Mode. (Selecting Author Mode turns the layout back on.)

Automated Notifications

I highly recommend signing up for a Google account (if you don’t already having one) and registering your site with Google’s Webamster Tools. Google will monitor your WordPress install, and will e-mail you when there’s a WordPress update and when it appears your web has been hacked for spamming.

Clean-Up Instructions

Instructions for clean-up are beyond the scope of this posting, but I can provide some links that should help.

WordPress FAQ – My site was hacked
First place to visit is WordPress’s own page on how to respond to a hack. Even if your web site has not been hacked, you should read through this page as it can help you prepare for when a hack does occur.
Smackdown! – How To Completely Clean Your Hacked WordPress Installation
Extra reading material on the process of cleaning up after a hack.

Leave a Reply

Your email address will not be published. Required fields are marked *