Is your WordPress site suddenly advertising links to shady looking sites? Does your site display spammy, shady content that you didn’t publish? Is it redirecting to a totally different website? Or maybe you’ve noticed any of the following:
- You suddenly can’t log into admin
- Google says your site isn’t secure
- Your traffic suddenly drops or has unusually high spikes
- Your browser gives you warnings when visiting your site
If so, you’ve probably been hacked so they can use your site for spamming their own links and content. Don’t panic. Just follow this guide and you should be able to fix this fairly quickly in most cases.
Why do Spammers do it?
Spammers like to hack into sites for many reasons, but one of the most common reasons is to insert their own advertising or links to their site. They do this hoping your visitors will click the link, but also to try to manipulate search engines into rank their site higher in the search results.
It’s almost guaranteed that anyone who’s spamming sites with links is involved in a very competitive industry. Just some of the common topics that spam links involve are:
- Gambling or casinos
- Pharmaceutical or health supplements related
- Downloads for movies, songs, ringtones
- Weight loss
- Adult websites
So if you’re running a business site, it can reflect very badly having this type of content on your site. It makes it look like you’re advertising this stuff. That is, if the links are actually visible.
Yep, you could have links to this type of content and not even know it. Sometimes they make it so the links aren’t clearly visible when looking at your site.
So how do you know if you’ve been spam-linked? And how do you get it off your site if you know you have?
How do I Find or Remove Spam Links on my Site?
Just as anytime when you’re going to be messing with your site, the first thing you should do is make sure you have up to date backups ready to go in case something goes wrong.
Check Theme Files with Theme Authenticity Checker (TAC)
TAC is a plugin that will scan your theme’s files to look for any malicious code. Spammers often like to insert their links directly into your theme’s files. If you’re using a nulled or cracked them, this is especially important. It’s very common for people who make these premium themes available for free will also be kind enough to add their own special links and code into the files while “nulling” or “cracking” them for you… but we know you wouldn’t be using these, right? 😊
You can download it from the official WordPress plugins site here.
On a similar note, it’s a good idea to check themes before ever installing them. You can easily do this by using VirusTotal.com. Just upload your zip file and let the scanner check it for you (The max file size is 128MB).
Finding Spam with Exploit Scanner
Exploit Scanner is another plugin that can be handy. It’ll scan all your files, looking for any suspicious code. Keep in mind that this can take a while if you have a lot of plugins and such. However, it’s known to return its fair share of false positives. So get someone who knows what they’re looking at before you go hung-ho deleting stuff.
A few things you can look for that more than likely mean it’s a legit flag and something to look closer at:
- Any URLs that don’t look familiar
- display:none or visibility:hidden – both of these are often used by spammers to hide the content or links they’re adding so you don’t see it and go trying to remove it
- Any code that includes base64 or even backwards (46esab) – Keep in mind though that many plugins use this code so again, you need to know what you’re looking for
You can get Exploit Scanner here.
Checking for Malicious Code with Sucuri
Sucuri has a WordPress plugin in both a free and premium version. It does a good job of checking all your core files to help identify any potential malicious code. If you’re running a business that relies on your site, it’s worth considering the upgraded, premium version.
If you don’t have access to your admin at all, you can still use scanners that don’t require it. A few that you can check out include:
- Norton Safe Web
- Unmask Parasites
- Web Inspector
- Sucuri Site Check
- Scan My Server
- Virus Total
You can download Sucuri’s plugin here.
Help! My Site is Sending Visitors to Spam Websites or Showing Spammy Content
Is your site sending visitors somewhere else when they land on certain pages of your site? Or are they suddenly treated with a Spam page that actually lives right there on your site and you have no idea how it got there?
This is another tactic sometimes used. And unfortunately, unless you’ve got a system in place to prevent and monitor the security of your site, this could happen without you even knowing right away.
If you find your site has spam pages or is redirecting, you’re going to have step back and take a look at your site’s files.
Restore from Backup
If you have up to date backups, then it might just be easier to restore from backup. Of course, if you post often then this might pose a problem…
- If your backups aren’t current, then you might lose some of your more recent content
- Your current, up to date backups that include the most recent content may also contain the spam you’re trying to get rid of
Look for Backdoors
Any experienced hack-spammer will almost certainly install a backdoor the moment they get into your site. A backdoor will let them easily access your site any time they want in the future. So even if you manage to fix something, they can come right back and do it again.
If you have themes or plugins that haven’t been updated in ages, there’s a decent chance they can find a way in through them. If you have themes and plugins that aren’t from reputable sources, they should always be suspect when things get bad. Same for cracked or nulled themes and plugins.
So delete any themes or plugins you aren’t using. Then use one of the plugins or external scanners mentioned earlier to scan the ones you are using. The scan should be able to tell you if there’s bogus code and where it is (including the header or uploads… which are common).
Look for Pages or Folders You Don’t Recognize
If your site is showing spammy content, hopefully the spammer just created new posts in your admin dashboard. In this case, you should easily be able to spot content that’s unrelated or doesn’t look familiar and delete them. But this also means they got access to one of your user accounts or created their own. Make sure you still scan and secure your site, as well as remove the content.
Check .htaccess for Redirects
If your site is redirecting visitors, there’s a good chance they’ve altered your .htaccess file. Hopefully not, as this is tedious and even after you’ve removed their mess, you still have to add more code to fix the harm done.
Search engines use this file. It tells search engines where to look for content. So after removing the malicious code, you’ll have to inform the search engines that “Hey, that isn’t here anymore!”
Warning: If you mess up your .htaccess file, you can break your site. Please make sure you’re comfortable with .htaccess code or get someone who knows what they’re doing to check it out for you! And while you’re there, you might as well add a few things to secure your site (and your .htaccess file) from hackers in the future. See our guide for securing WordPress with .htaccess here.
Check Your System
There may actually nothing wrong on your site at all. If your computer isn’t secure, they could simply hack into your system and install a keylogger. Then they can access pretty much anything you can. So whether you can’t find any breach on your site or you’ve completely cleaned your site up, always scan your own system and make sure it’s secure from malware and viruses.
Change and Use Secure Passwords
This should go without saying, but go ahead and change your passwords. Also, be sure you aren’t using your name, birthday, etc. Don’t use the same password for everything. This might be annoying, but it’s well worth it. If needed, look into a password manager like LastPass to help you keep track of them all.
Let Search Engines Know
Once you’ve removed the spam content, create a new sitemap and submit them to the search engines. Unfortunately, if the content was indexed, it might continue to show in search results for a little while. There’s nothing much you can do about it other than to wait for them to reflect your changes.
Last but not least, contact your host if you still need help. If you’re using a Hostwinds VPS, you might want to consider Windshield. This is a popular service that helps protect your VPS from possible threats. Check it out here!
As always, we’re more than happy to take a look and help you figure out what’s going on. If you need help, don’t hesitate to use our live chat or submit a ticket.
Have you ever had any of this happen to you? What did you do?
If you found this helpful, please share!