Is your WordPress site hacked?
Suffered a link injection attack with spam links injected into your website content?
Need to remove unwanted spam links in WordPress?
A spam link injection hack can affect your website's SEO and Google AdWords (this may lead to Google AdWords suspension or Google Ads being disapproved due to malware). As a WordPress website owner, spam injection is one of the dreaded and well-disguised hacks you should be aware of. If you have been a victim of an SEO spam link injection, it can be an extremely exasperating experience to find and fix the hack. Black hat hackers infect WordPress sites by injecting spam links directly into the database.
There have been a few instances in the past where clients had to restore their backup to do away with the hack. They even tried deleting the malicious code by going into the files and database; alas, after a few days the spam made a comeback.
If you have become a target of this spam and are looking for a concrete solution, you need our WordPress site scanner to get rid of it once and for all. It will conduct a thorough scan of your website instantly and help in finding and removing spam links, if any.
As mentioned earlier, this is one of the notorious hacks, so before we learn how to find and remove WordPress spam link injection, let us look at what spam link injection in a WordPress website is.
What is a WordPress Spam URL link injection?
Spam URL injection can be defined as a malicious activity initiated by hackers to gain access to your WP website. This technique is termed spamdexing or SEO spam.
Instead of making the best possible efforts to rank their pages legitimately on search engine result pages (SERPs), the hackers will use the top-ranking pages of your website, taking away your years of accomplishments.
Let us discuss the things this includes –
- They will insert particular keywords that we deem as spam into all those pages that are well-ranked on SERPs.
- The hacker will insert hyperlinks into your website’s pages. Users of your WordPress site are redirected to a spam website whenever they click on these hyperlinks.
- They will also send spam emails to your customer database.
- At times, they create new pages as well.
- These hackers also display ads and banners of their products on your website.
Using SEO spam injections, the hackers can hide the spam on the website from its owners for as long as they can; this is what makes this malicious activity dodgy.
So, before we move any further, you have to make sure that you are a victim of SEO spam, after which we can move ahead and learn how to fix it.
Link injection hack bots look for known exploits (WordPress SQL injection, incorrect WordPress folder permissions, etc.). This allows them to insert spam files/links into your WordPress themes, plugins, and core files.
Let us understand the Spam Link Injection with the help of an example –
<div style=\"\\64\\69\\73\\70\\6c\\61\\79:\\6e\\6f\\6e\\65\"> <a href=\"http://www.fcit.usf.edu/li/viagra.html\">viagra</a>\r\n<a href=\"http://www.fcit.usf.edu/li/free-viagra.html\">free viagra</a>\r\n ... lots more ... </div>
The moment that “style” attribute (inline CSS) was rendered in a browser, its escaped hex codes were converted into display: none, and therefore the links were not visible.
The hackers chose this method because they think that the owner of the blog may not notice that the links were inserted, since they are not visible. Google does not give link credit to links that are within a container having display: none. However, the hacker believes that Googlebot will not be able to identify that this div is hidden because of the unnatural code.
How can spam link building tactics affect your site’s SEO?
If you engage in low-quality link building, your website is more likely to be penalized by Google. Your website will face punitive action and, as a result, its rankings will plunge. Here is how Google penalizes link manipulators.
Manual link spam penalty
This is the case where Google applies a penalty manually after going through your profile. The review is triggered for the following reasons –
- Your standing as a competitor in your niche.
- Spam accusation by a competitor.
- Activation of algorithmic search because of the presence of spam links on the website.
Google may send you the following message in your Search Console –
Algorithmic Link Spam Penalty
To abate link manipulators and to reward high-quality websites, Google rolled out Penguin. Through the years, with its updates, Penguin can catch spam links and penalize the websites. If you have recently received an algorithmic penalty, you will not get any notification; rather, you will witness a significant fall in organic traffic, something like this –
How to Find Spam Injection in hacked WordPress?
If you suspect you have been hacked or just want to be sure, consider the following ways to confirm it.
If you have malware on your website that can prove detrimental to users, Google will blacklist you. Such hacks usually go unnoticed for a long time and get detected by Google before you, as the owner of the website, notice them.
Since Google has found malware on your website, you will receive an email carrying a message that your website has been blacklisted. Your users, trying to access your website, will be shown a notification or warning message like this –
Your website may also carry a “This site may be Hacked” warning message on the SERPs.
These actions are initiated by Google as user experience is its first concern. They aim to provide the users with quick, safe and relevant results. Therefore they ensure that, no matter what happens, the security of the users is not jeopardized.
Web host suspension
Pretty much like Google, your web host can suspend your WordPress site as well. Your web host will notify you that your web hosting has been suspended. They will either claim that you have malware on your website or ask you to get in touch with them to know the reason behind the suspension of the account.
There is a reason why these web host providers suspend hacked accounts. Each website is provided with a certain amount of resources. In case your website is hacked, chances are that it will surpass these allotted resources. Besides, if you have a shared server, you will put other websites, on the same server, at risk.
Check Google Analytics
If you have a website, Search Console and Google Analytics are two of the most important things you need to have. In case you don’t have them, start now. With the help of Google Analytics, you can get a detailed insight into the visitors on your website. Traffic to your website should be coming in from relevant keywords.
If, on Google Analytics, you are getting traffic for keywords related to male enhancement products, rest assured your website has a pharma hack.
WordPress Security Plugin
If none of the above has happened, and you still think that your WordPress site has been hacked, we suggest you scan your website using the professional services of WP Hacked Help. Rest assured a thorough analysis is done on your website to check for traces of infection, including SEO spam injections and many others such as the WordPress pharma hack, the WordPress malware redirect hack, the Japanese keyword hack and many more.
How to find and remove WordPress Spam Links Injections?
As mentioned earlier, removing spam links is an arduous task, but it is hard only if you are not following the right methods.
If you are finding it hard to find injected spam links, you don’t need to be worried sick. With the help of the methods discussed below, you will be able to find SEO spam injections in a WordPress website –
Check Theme Files with Theme Authenticity Checker (TAC)
Theme Authenticity Checker is a plugin that will scan your WordPress themes for malware. Spammers usually insert spam links into the theme files. If you happen to be using a nulled or cracked theme, then you need to be extra cautious. It pays to check your themes thoroughly before you install them.
Using Exploit Scanner to Find Spam
Exploit Scanner is another plugin that can come in handy in this situation. This plugin will also scan your files for any suspicious code. If you have a plethora of plugins installed, then it may be a time-consuming process.
Checking Malicious Code with WP Hacked Help
Try out the WordPress security scanner to check all your core files and identify any potentially malicious code. If you own a business that relies on your website, then it is worth opting for a premium version.
In case you don’t have access to your admin, you still have access to scanners that don’t need it. Here is the list you can check out –
As mentioned earlier, this is an intricate hack and can be hard to fix, but it is hard only when you haven’t applied the right methods. So, let us start with one of the reliable methods, i.e. using WordPress security plugins. The best thing about using a plugin is that it gets the job done efficiently and saves your precious time as well.
Fixing SEO Spam Injections using a Security Plugin
Using a WP security plugin, you will be able to detect and fix the hack in no time. With a plethora of WordPress plugins available out there, it is not an easy task to choose the best one. Not all security plugins are capable enough to detect malware. Most of them depend on old methods that are not competent enough to detect spam attacks.
An automated process will scan all your files and your database to find the malware and remove it from your WordPress site; this way you will be able to fix the issue of spam links.
Let us discuss how you can use a security plugin to clean a spam hack. It is important that the security plugin you choose has the following features –
It should detect concealed, hidden, and new malware
By now, you know that SEO spam cannot be detected with the naked eye. It can be hard to detect the spam by looking at the files and database.
A regular scanner will use a method known as signature or pattern matching to look out for malware. It only searches for code that is already known to be malicious. What’s worse is that such plugins will not detect any new malware.
Ideally, a good security plugin should use over 100 signals to detect suspicious code and its behavior on your website. This comes in handy in discovering the malware, concealed code, and hidden links.
Automatically takes a backup for you
If you want to fix a hacked WordPress website, you will have to delete code or files. Owing to this, it is recommended that you take a backup of your WordPress database. A good security plugin will take a backup for you and will safely store it on a remote server as well.
Find the spam in a few minutes
At the touch of a button, the plugin will automatically scan your website; how long this takes depends on the size of your website.
Clean up your website automatically
The plugin should have a feature to auto-clean your website to get rid of the malware. It may be a time-consuming process, but at the end of the day, your website will be 100% free from malware and spam.
Fixing SEO Spam Injections using WordPress website scanner
A good WP website scanner provides an easy and effective way to secure websites and, most importantly, keep them safe from future spam link hacks.
A good scanner should have the following features –
- Fast Turnaround
Your website scanner service provider should ensure that your website will be fixed as soon as possible.
- Reliable Service
The scanner should ensure that your website is cleaned and verifies it through multiple scans.
- Detailed Analysis
Ideally, the WordPress malware scanner online should perform a 360-degree inspection of your website. It should also provide a detailed website cleanup report if any malware is affecting your website.
- Live Updates
You should be provided with live updates of your scanning request.
- Well-informed staff
The service provider should have experienced staff. Make sure that real WordPress developers fix your website.
How to use WP Hacked Help Malware Scanner
WP Hacked Help has a state-of-the-art scanner that helps in the detection and fixing of SEO spam. When you take our services, rest assured your WordPress website will be fixed and you won’t have to deal with the spam in the future.
So, let us discuss how we help you to get rid of malware –
Check the severity of the attacks
First and foremost, we will check whether it is feasible to log in to the WordPress panel. In case we find it hard to log in, we will carry out a thorough cleanup of the website.
However, if the login is successful, then we move ahead to the next step. We will take a backup of the website before initiating the process of cleaning up.
Restore your WordPress Website from Backup
If we can carry out the backup of your website successfully, then we will have the website up and running in no time.
That said, this also has its downside: you risk losing your blog posts, new comments, etc. This is where we will extend our professional experience to ensure that you don’t go through all this. This will also depend on two important elements – the content present on your website and the length of the hack time.
WordPress Malware Scanning and Removal
With years of experience and knowing WordPress websites in and out, we know that hackers tend to hide their WordPress backdoors in the themes and plugins of WP websites. We will scan your website to detect any inactive themes and plugins.
Once the plugins are deleted, we will rescan your website to have the updated list of issues. Our scanner will update the list of all important WordPress files; this will also prove beneficial in knowing the location where the hack took place. Usually, the common places where the hack takes place are .htaccess files, upload directories, WP themes, wp-config.php, and WP plugin directories.
We will also check your website with Theme Authenticity Checker, which will prove helpful in detecting the malicious code. We are going to fix the hack in the following ways –
Option 1 – Either the code will be removed manually.
Upload fresh WordPress files by initiating a fresh download.
Option 2 – Replace the infected file with the original file.
Download the fresh copy of the file to replace the infected file.
We will follow the same steps to clean up the infected plugins. We ensure that both the plugin and folder names match the original ones.
In most cases, a hacker may add some additional files whose names look similar to the plugin's own file names and so get easily ignored, such as Adm1n.php, hell0.php, etc. We will repeat this step until the files are clean.
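The comparison behind Option 2 and the hunt for look-alike files can be scripted. The following is an added example, not part of the original article or of WP Hacked Help's tooling: it hashes a live plugin folder against a freshly downloaded copy and reports modified files, extra files, and extra files whose names imitate a legitimate file. The function names, the temporary sample trees and the digit-for-letter table are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed digit-for-letter swaps used in look-alike names (Adm1n.php, hell0.php).
LOOKALIKE = str.maketrans("0135", "oies")


def sha256_tree(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_to_original(live_dir, original_dir):
    """Compare the installed tree with a fresh download of the same version."""
    live, original = sha256_tree(live_dir), sha256_tree(original_dir)
    known_names = {Path(rel).name.lower(): rel for rel in original}
    report = {"modified": [], "added": [], "lookalike": [],
              "missing": sorted(set(original) - set(live))}
    for rel, digest in live.items():
        if rel in original:
            if digest != original[rel]:
                report["modified"].append(rel)   # replace with the original file
            continue
        report["added"].append(rel)              # not shipped with the plugin
        # Undo the swaps: does the name now equal a file the plugin really ships?
        twin = known_names.get(Path(rel).name.lower().translate(LOOKALIKE))
        if twin:
            report["lookalike"].append((rel, twin))
    return report


def demo():
    """Build constructed 'original' and 'live' plugin folders and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        original, live = Path(tmp, "original"), Path(tmp, "live")
        for root in (original, live):
            root.mkdir()
            (root / "admin.php").write_text("<?php // plugin admin screen\n")
            (root / "hello.php").write_text("<?php // plugin main file\n")
        (live / "hello.php").write_text("<?php // plugin main file\n// injected line\n")
        (live / "Adm1n.php").write_text("<?php // not part of the plugin\n")
        (live / "hell0.php").write_text("<?php // not part of the plugin\n")
        return compare_to_original(live, original)


if __name__ == "__main__":
    for kind, entries in demo().items():
        print(kind, entries)
```

The fresh copy must be the same version as the installed one, otherwise every file changed by a legitimate update shows up as modified.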
Check User Permissions from WordPress Admin
We recommend being circumspect about providing access to the WordPress website. Check the Users section of WordPress to restrict administrator access to your website.
Disable Cookies from WordPress Admin
To avert future hacking, we suggest disabling the cookies. Creating secret keys will also come in handy; these keys should be added to the wp-config.php file.
Change Your Passwords On Regular Intervals
This practice should be followed religiously. Make sure all those who have access to the WordPress website have also followed this important step of changing the password.
How to cleanup spam links on hacked WordPress website?
If you still want to try your hands at the manual cleanup, go ahead and follow the process below.
Note – Before you go ahead and initiate a manual cleanup, don’t forget to take a backup of your files and database.
Scan files and delete malicious code
First and foremost, you need to log in to your hosting account and then go to cPanel > File Manager > public_html.
This is where you will see three folders –
Carry out a thorough check for malicious code in your files. These hackers are smart and they usually act in a Machiavellian way. They make use of intricate styles to hide spam links so that the links are undiscoverable inside the page. Here is an example –
<div style="position: absolute; top: -132px; overflow: auto; width:1259px;">
Once you have identified such code, make sure you delete it immediately. If you are in luck, you will find the same code across all the pages. In that case, it will be as easy as ABC to delete it everywhere.
Tip – Keep a check on the plugins and themes folders under wp-content, since hackers use vulnerable plugins to inject spam into your website.
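Both hiding styles shown in this article, the hex-escaped display:none from the earlier example and the off-screen position: absolute above, can be detected mechanically. The following is an added example, not part of the original article: it decodes CSS escapes in every style attribute and lists the links found inside hidden containers. The sample markup, the spam.example URLs and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# A CSS escape is a backslash, 1-6 hex digits and one optional whitespace character.
CSS_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})[ \t\r\n\f]?")
# Constructed sample page body; the spam.example links are placeholders.
SAMPLE = r'''<p>Welcome to our store.</p>
<div style="\64\69\73\70\6c\61\79:\6e\6f\6e\65"><a href="http://spam.example/a">pills</a> <a href="http://spam.example/b">cheap pills</a></div>
<div style="position: absolute; top: -132px; overflow: auto; width:1259px;"><a href="http://spam.example/c">loans</a></div>
<div style="color: red"><a href="/contact">Contact</a></div>'''

def decode_css_escapes(style):
    """Return the style text as a browser reads it (CSS hex escapes decoded)."""
    return CSS_ESCAPE.sub(lambda m: chr(min(int(m.group(1), 16), 0x10FFFF)), style)

def hiding_reasons(style):
    """Name which of the two hiding techniques from the article a style value uses."""
    css = re.sub(r"\s+", "", decode_css_escapes(style)).lower()
    hidden = "display:none" in css
    off_screen = "position:absolute" in css and re.search(r"(?:^|;)(?:top|left):-[\d.]", css)
    return [name for name, hit in (("display:none", hidden), ("off-screen offset", off_screen)) if hit]

class HiddenLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.open_elements = []   # (tag, finding or None) for every open element
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        reasons = hiding_reasons(attrs.get("style") or "")
        finding = {"tag": tag, "reasons": reasons, "links": []} if reasons else None
        self.open_elements.append((tag, finding))
        if tag == "a" and attrs.get("href"):
            for hidden in (f for _, f in self.open_elements if f):   # every hidden ancestor
                hidden["links"].append(attrs["href"])

    def handle_endtag(self, tag):
        tags = [t for t, _ in self.open_elements]
        if tag in tags:   # closing a tag also closes any unclosed children
            self.flush(len(tags) - 1 - tags[::-1].index(tag))

    def flush(self, start=0):
        for _, hidden in self.open_elements[start:]:
            if hidden and hidden["links"]:
                self.findings.append(hidden)
        del self.open_elements[start:]

def find_hidden_links(html):
    parser = HiddenLinkFinder()
    parser.feed(html)
    parser.close()
    parser.flush()   # report containers the fragment never closed
    return parser.findings

if __name__ == "__main__":
    for finding in find_hidden_links(SAMPLE):
        print(finding["tag"], finding["reasons"], finding["links"])
```

Styles applied through a class or an external stylesheet are not covered by this check, which only reads inline style attributes.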
Scan and Clean your Database
You need to click on cPanel > phpMyAdmin from your hosting dashboard. Towards the left side, you will see a list from where you need to click on ‘Export’.
You have to ensure that the default settings are set to the Quick export method and SQL format. You need to download the database. Once it is downloaded, you need to open it as a .txt file in Notepad.
At this stage, you need to search for PHP functions such as gzinflate, base64_decode, shell_exec, and eval. These are some of the PHP functions frequently used by hackers. Subsequently, you have to get rid of these functions, and this can be done either by deleting the record or by making changes to the malicious text.
Once you have ensured that the database is clean, you have to import the same to your WordPress website. This can be easily done using phpMyAdmin.
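The search through the exported dump can be scripted instead of done by eye in a text editor. The following is an added example, not part of the original article: it scans an SQL export for calls to the four functions named above, matches only call syntax so that words such as "medieval" or "retrieval" do not trigger, and records which table each hit sits in. The sample rows and the function names are constructed for illustration.

```python
import re
from collections import Counter

# The four functions named above, matched only when written as a call: name(
SUSPECT_CALL = re.compile(r"\b(gzinflate|base64_decode|shell_exec|eval)\s*\(", re.IGNORECASE)
INSERT_INTO = re.compile(r"^\s*INSERT INTO `?(\w+)`?", re.IGNORECASE)

# Constructed rows in the style of a phpMyAdmin SQL export (not real data).
SAMPLE_DUMP = [
    "INSERT INTO `wp_options` VALUES (1,'siteurl','https://site.example','yes');",
    r"INSERT INTO `wp_options` VALUES (412,'widget_text','<?php eval(base64_decode(\'CONSTRUCTED\')); ?>','yes');",
    "INSERT INTO `wp_posts` VALUES (7,'Our medieval fair','Data retrieval (and evaluation) tips','publish');",
]


def scan_dump(lines, context=30):
    """Return one record per suspicious call, with the table it was found in."""
    hits, table = [], None
    for lineno, line in enumerate(lines, 1):
        insert = INSERT_INTO.match(line)
        if insert:
            table = insert.group(1)   # rows on following lines belong to this table
        for call in SUSPECT_CALL.finditer(line):
            start = max(call.start() - context, 0)
            hits.append({
                "line": lineno, "table": table, "function": call.group(1).lower(),
                "snippet": line[start:call.end() + context].strip(),
            })
    return hits


def summarize(hits):
    """Count hits per (table, function) to show where cleanup is needed."""
    return Counter((hit["table"], hit["function"]) for hit in hits)


def naive_matches(lines):
    """Lines a plain text search for 'eval' would stop on, for comparison."""
    return [n for n, line in enumerate(lines, 1) if "eval" in line.lower()]


if __name__ == "__main__":
    for hit in scan_dump(SAMPLE_DUMP):
        print(hit["line"], hit["table"], hit["function"], hit["snippet"])
    print("plain search for 'eval' stops on lines", naive_matches(SAMPLE_DUMP))
```

A hit is a lead to review, not proof of infection: a post that legitimately discusses PHP code will match as well, so read the snippet before deleting the record.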
Steps to Prevent Future Spam Attacks
When you take the professional services of WP Hacked Help, rest assured your website will be scanned at regular intervals. In case anything suspicious is detected, you will be informed about it right away.
Besides, you will be notified about malicious IPs and bad bots that can prove detrimental to your website. Apart from that, there are various other measures, called WordPress hardening, that you need to take care of on your own. Let us see how all this can be done with a few clicks of a mouse.
- Update your WP installation, theme files, and plugins
Go to the dashboard and check whether your website installation is outdated. You can also have an idea of how many plugins and themes require updates.
- Apply Website Hardening
- Use WordPress Secret Keys. Some secrets should remain secrets.
- Delete the Admin user account.
- Lock down WP Login and WP Admin.
- Use trusted sources for themes and plugins.
- HTTPS is a great way to ensure your transactions and traffic are traveling with security in mind.
- Connecting to your site(s): consider using sFTP or SSH vs. FTP.
- Don’t store your credentials in your FTP client.
- Use a trusted host.
- Use common sense.
- Use a strong password.
- Update passwords regularly (monthly; make a schedule).
- Know your admins; limit the number of accounts (WP, FTP, hosting, etc.).
- Use Login Lockdown.
- Scan your site for malware, spam injections, WordPress errors, and more.
- Verify core WordPress files have not been modified.
- Scan your files and database for potentially malicious code.
Follow the information discussed above to find and fix the WordPress spam link injection. If you still have any queries, you can get in touch with the professional team of WP Hacked Help. We have also compiled an exhaustive WordPress security checklist and WordPress malware removal checklist. Save them for future reference, as they will come in handy.