How to Find and Remove Spam Link Injection in WordPress?

Oct 12, 2019

Being one of the smartest and most well-disguised hacks, spam link injections are much dreaded among WordPress site owners.

If you’re a victim of a spam injection hack, it can be an extremely frustrating ordeal as it’s one of the most difficult ones to detect and fix.

We’ve seen quite a few cases where clients initially resorted to restoring their backup to get rid of the hack. They also tried going into the files and database and deleting the malicious code. But in just a few days, the spam was back to haunt them!

Here, we’ll show you the most effective and efficient way to get rid of spam once and for all.


If you’re a victim of spam link injections you need to clean your site immediately. Download and install this Spam Link Injection Removal Plugin, to scan and clean your site. Moreover, the plugin will also protect you from any kind of attack in the future.


What Is a Spam Link Injection?

A spam link injection is just one of the malicious activities hackers can execute when they gain access to your WordPress site. This hack is popularly known as SEO spam or spamdexing.

Instead of doing the hard work to get their pages to rank legitimately on SERPs (search engine results pages), hackers use your website – especially top-ranking pages – to hijack your SEO accomplishments.

Some of the things they do include:

    • Insert hyperlinks on your pages. If a user/visitor clicks on those, they will be directed to another website – usually, one that sells/promotes illegal products and content.
    • Create new pages, sometimes even thousands of pages.
    • Insert certain keywords that we consider as spam in pages that rank well in search engines’ results. When a user searches for these keywords, your website will rank.
    • Display banners and ads for their products and content on your site.
    • Send spam emails to your customer database (read – phishing attacks).

The tricky thing about SEO spam injections is that hackers go to great lengths to hide it from website owners for as long as they can. Therefore, it goes undetected for a long time.

So the first step to take is to make sure you are a victim of SEO spam, after which, we can proceed to fix it.




How to check if you are affected by Injected Spam Link?

If you’re sure your WordPress website is hacked, you can jump to detecting and cleaning it. However, if you only suspect a hack or just want to be sure, here are the ways to confirm it.

1. Check If Google Blacklisted You

If you’ve had malware on your site that will harm users, Google will blacklist you. Since these hacks go undetected for a long time, Google usually finds them before the site owners do.

You’ll receive an email stating that your site has been blacklisted due to the presence of malware. You may also see a warning or notification displayed to users who try to access your site, such as a “phishing attack ahead” warning.


Google may also put up warnings such as “This site may be hacked” or “Deceptive site ahead” on the search engine results page itself, even before users can click on the link.


Google does this because its top priority is user experience. They strive to provide relevant and safe results to the user at lightning speed. Therefore, they will not jeopardise the safety of their users under any circumstances.

2. Check If Your Web Host Suspended You

Like Google, your web host will also suspend your site. You will get a notification from them that your account has been suspended. Depending on your web hosting provider, they will either tell you there is malware present or you might have to contact them to find out the reason for suspension.


Why do web hosts suspend hacked accounts? Well, you are allotted a certain amount of server resources per website. If your site is hacked, it will most likely exceed these resources. Furthermore, if you’re using a shared server, you could possibly put other sites on the same server at risk.

3. Check Google Analytics & Console For Malicious Keywords

If you run a website, then Google Analytics and Search Console are must-haves. If you don’t already have them, start now. With Analytics, you can see the details of your website’s visitors. Your traffic should be coming in from relevant keywords. If you see that you’re getting traffic for keywords like “buy viagra online”, or “cheap gucci bags”, you can be sure your website has a pharma hack.




4. Scan Your Site With a Security Plugin

If none of the above has happened, and you still suspect you’ve been hacked, we suggest you install a security plugin such as MalCare. It will scan your website entirely and alert you if any sort of malware is found on it, including SEO spam injections.

Once you know you’re hacked, we need to find the spam and get rid of it.

Note: Finding and deleting spam keywords and links manually is a temporary fix and will not get rid of the hack. You need to remedy the root cause of the problem, i.e., the vulnerability in your website that allowed the hacker to enter.


How to Find & Clean Spam Link Injection in WordPress?

We stated earlier that this is a complicated hack and can be hard to fix, but the truth is, it’s hard only if you’re not using the right method. There are two ways of finding and cleaning spam link injection –

  1. You can do it by using a plugin (the easy way)
  2. You can do it manually (the hard way)

If you’ve already tried to manually find and delete the SEO spam, you’ve probably figured out that it doesn’t work.

The spam will simply regenerate. This can be because of two reasons:

    • There is a vulnerability on your website that is allowing hackers to gain access.
    • The malware present on your website uses cron jobs, which are a way of re-creating backdoors on your site every other day.

In the case of SEO spam hacks, we discourage the manual method of detection and cleaning simply because the hack can be widespread, hidden and disguised. It’s time-consuming and laborious to find the hack and backdoors created by the hacker.

So, first, we’ll take you through the easiest and most reliable method – Using A WordPress Security Plugin. It saves time and gets the job done efficiently.

If you want to attempt a manual cleanup, we’ve detailed the process in the next section.


1. Fixing SEO Spam Link Injections Using a Security Plugin

You can use a WordPress security plugin to find the hack and clean it up in no time. However, there are many plugins available on the market and it’s hard to choose one.

Not all security plugins will work efficiently and detect hidden malware. Many of them rely on old methods that aren’t able to detect new or disguised hacks.

To fix a spam injection, you need an automated process that will comb through all your website’s files and the entire database to find the malware.

From the many plugins available, we’ll show you how to use MalCare to clean a spam hack.

Why Use MalCare Security Plugin?

We’ve listed out the features of this plugin briefly below:

i. Detects Hidden, Disguised, & New Malware

We are aware that SEO spam is disguised and hidden from plain sight. It’s hard to detect just by looking at the files and database.

Now, regular scanners use a technique called signature or pattern matching to find malware. What it does is it looks for code that is already known to be malicious. These plugins will miss any new malware.

The MalCare scanner does not rely on these outdated methods. It uses 100+ intelligent signals to find suspicious code on your website and it also analyses how the code behaves. This helps it track down malware and find all hidden links and disguised code.

Lastly, some code that is used in hacks is also used in legitimate plugins. Many malware scanners aren’t able to tell the difference. Here, the technique MalCare uses to analyze the behavior and patterns of code enables it to eliminate such false alarms.




ii. Automatically Takes a Backup for You

Fixing a hacked website requires deleting code or files. This is why we recommend taking a backup. Before the scan begins, MalCare will take a backup for you and store it safely in an offsite server.

iii. Finds Spam Links Within Minutes

Next, the plugin will automatically start scanning your website. The time taken to scan greatly depends on the size of your site. However, it generally takes just a few minutes.

iv. Cleans Website Instantly

You can Auto-Clean your site to get rid of the malware by just clicking a button. It may take a few minutes, but once done, you’ll be completely 100% spam-free and malware-free!




v. Helps Prevent Future Attacks

Once done, you can continue to stay protected from SEO spam as the plugin offers other features that keep your site safe and secure.

    • You can block malicious IP addresses and bad bots from trying to access your website.
    • You can also limit the number of login attempts into wp-admin within a specific time period for every user (recommended read – brute force attacks).
    • Change all the login credentials for all users of your site, and disable plugin installations and the file editor.
    • Lastly, you can also update your WordPress installation as well as any plugins and themes you have present on your website.


How to Use MalCare Security Plugin to Scan & Clean Your Site?

Here, we’ll show you how to install MalCare to clean up a spam hacked site.

Tip: Keep your FTP credentials and WP-admin credentials ready with you in order to make the process faster.

Step 1: Sign up with MalCare and set up an account. After that, MalCare will automatically start scanning your website.

You might need to be patient during this step, as the time taken can vary depending on a number of factors like the size of your site.




Note: Malware scanning and cleaning is a complex process and is, therefore, a paid service with all security plugins. 

Step 2: Once you upgrade to the premium plan, you simply need to click on ‘Auto-clean’ and that’s it. The backend complexities are taken care of for you. After it completes cleaning your site, you’ll see the prompt that your site is cleaned. You can then return to your dashboard.




You can be 100% sure your site is malware-free. But we suggest you do a check of your website to make sure.

If you were blacklisted by Google, you will need to send an appeal and request them to take you off the blacklist. You might find this article on How to remove Google Blacklist easily helpful.

Next, using the same MalCare plugin, you can take preventive measures immediately and stay protected from future hack attacks. We recommend you carry out the following steps.



Preventing SEO Spam Injection Attacks With MalCare

When you use MalCare, it will regularly scan your site for malware. If it detects anything suspicious, you will be alerted. It also actively blocks malicious IPs and bad bots from harming your website. Apart from that, there are some measures, known as website hardening, you need to take on your own. However, MalCare enables you to do all of it with a few clicks.

1. Update Your Website

From the dashboard, you can view if your WordPress installation is outdated. You can also see how many themes and plugins need updates. You can update them all directly from the MalCare dashboard.




2. Apply Website Hardening

On the dashboard, access ‘Security’ to see your site’s security details.


Click on ‘Apply Hardening’ and you will get options as follows:

    • Essentials – This will allow you to Block PHP Execution in any Untrusted Folders and Disable Files Editor.
    • Advanced – You can Block Plugin/Theme Installations.
    • Paranoid – Change Security Keys and Reset All Passwords across the board for all users.

Read up on more details about website hardening before you implement it on your site.


2. Fixing SEO Spam Link Injections Manually

As we said, this method is more complex and carries a lot of risk. However, if you want to attempt a manual cleanup, we’ve detailed the process below.

That said, here are the steps to cleaning up your hacked website:

Step 1: Scanning Files & Removing Malicious Code

Login to your hosting account and go to cPanel > File Manager > public_html.

Here, you should see three folders – wp-admin, wp-includes, and wp-content.




Look for malicious code in all your files. Hackers hide spam links with inline styles that keep the links from being visible inside the page, such as:

<div style="position: absolute; top: -132px; overflow: auto; width:1259px;">

Once you identify the spam codes, you simply need to delete them. If you’re lucky, the spam code might be the same across all the pages. In that case, you can just find and replace them altogether.

Tip: Pay attention to the plugins and themes files and folder under wp-content because these outdated/vulnerable plugins are the easiest entry points for hackers to inject your website with spam.
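
The search in Step 1 can be partly automated. The following Python is an added example, not code from this article or from MalCare: it parses saved page source or a template file and lists every link sitting inside an element whose inline style hides it, as in the snippet above. The `display: none` and `visibility: hidden` checks go beyond the article's single example, and the function names and sample markup are assumptions made here.

```python
import re
from html.parser import HTMLParser

VOID_TAGS = {"br", "hr", "img", "input", "link", "meta"}  # never get an end tag

def hides_content(style):
    """True if an inline style pushes the element off-screen or hides it."""
    props = {}
    for decl in style.split(";"):
        name, sep, value = decl.partition(":")
        if sep:
            props[name.strip().lower()] = value.strip().lower()
    off_screen = props.get("position") in ("absolute", "fixed") and any(
        re.match(r"-\d", props.get(side, "")) for side in ("top", "left"))
    return (off_screen or props.get("display") == "none"
            or props.get("visibility") == "hidden")

class HiddenLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        # Tag name of the hiding element we are inside, its nesting, its style.
        self.container, self.depth, self.style = None, 0, ""
        self.findings = []  # (line, href, style) for every hidden link

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if self.container is None:
            style = attrs.get("style") or ""
            if tag not in VOID_TAGS and hides_content(style):
                self.container, self.depth, self.style = tag, 1, style
        elif tag == self.container:
            self.depth += 1
        if self.container and tag == "a" and attrs.get("href"):
            self.findings.append((self.getpos()[0], attrs["href"], self.style))

    def handle_endtag(self, tag):
        if tag == self.container:
            self.depth -= 1
            if self.depth == 0:
                self.container = None

def find_hidden_links(html):
    finder = HiddenLinkFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample: the article's hidden <div> wrapped around two spam links.
SAMPLE = """<p><a href="/about">About</a></p>
<div style="position: absolute; top: -132px; overflow: auto; width:1259px;">
<div><a href="https://spam.example/pills">pills</a></div><a href="https://spam.example/bags">bags</a>
</div><p><a href="/contact">Contact</a></p>"""
```

Each finding carries the line number, the link target and the style that hid it, so the surrounding block can be reviewed before anything is deleted.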

Step 2: Scanning & Cleaning Your Database

From your hosting dashboard, click on cPanel > phpMyAdmin. Select your database from the list on the left and then click on “Export”.




Let the default settings remain as Quick export method and SQL format. Once you’ve downloaded the database, open it as a txt file in Notepad or similar software.

Now, you need to search for PHP functions like base64_decode, gzinflate, eval and shell_exec. These are some of the PHP functions hackers use most commonly, but they are not the only ones.

Next, you need to remove these functions either by editing out the malicious text or simply deleting the record.

Once your database is clean, you can import the same back into your website using phpMyAdmin.




Caution: These PHP functions are not always malicious. Deleting ones that are non-malicious can break the functionality of your website.
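
Searching the export by hand in Notepad is slow on a large database. The following Python is an added example, not code from this article or from MalCare: it scans the lines of a phpMyAdmin-style SQL export for calls to the four functions named above and reports the table, line number and surrounding text of each hit so that every record can be judged before it is edited. The function names, the "chained" heuristic and the sample dump are assumptions made here.

```python
import re

# The four functions the article names; it notes the list is not exhaustive.
SUSPECT_CALL = re.compile(r"\b(base64_decode|gzinflate|eval|shell_exec)\s*\(", re.I)
INSERT_INTO = re.compile(r"^INSERT INTO `([^`]+)`", re.I)

def scan_dump(lines):
    """Return one finding per dump line that contains a suspect call."""
    findings = []
    table = None
    for number, line in enumerate(lines, start=1):
        header = INSERT_INTO.match(line)
        if header:
            table = header.group(1)  # value rows on the next lines belong to it
        calls = sorted({m.group(1).lower() for m in SUSPECT_CALL.finditer(line)})
        if calls:
            first = SUSPECT_CALL.search(line).start()
            findings.append({
                "line": number,
                "table": table,
                "calls": calls,
                # Added heuristic: several of these functions in one record
                # is a stronger signal than a single mention; review it first.
                "chained": len(calls) > 1,
                "context": line[max(0, first - 30):first + 60].strip(),
            })
        if line.rstrip().endswith(";"):
            table = None  # statement finished (assumes phpMyAdmin layout)
    return findings

# Constructed sample dump: one injected record, one harmless mention of eval().
SAMPLE_DUMP = """\
CREATE TABLE `wp_options` (`option_id` bigint, `option_value` longtext);
INSERT INTO `wp_options` (`option_id`, `option_name`, `option_value`) VALUES
(1, 'blogname', 'My Shop'),
(2, 'widget_text', '<?php eval(gzinflate(base64_decode("CONSTRUCTED"))); ?>');
INSERT INTO `wp_posts` (`ID`, `post_content`) VALUES
(7, 'How to call eval() safely: a tutorial'),
(8, 'A medieval (fortified) town');
""".splitlines()
```

On the sample, the `wp_posts` hit is a tutorial that merely mentions `eval()`, which is the kind of non-malicious match the caution above refers to.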

If you’re satisfied that your website is clean and rid of the malicious scripts, you need to take measures to patch up the vulnerability.


How to protect WordPress Site from Spam Link Injection in future?

We recommend that you implement the following security measures on your website:

1. WordPress
    • Change all your passwords.
    • Update your WordPress installation to the latest version.
    • Check all your users and ensure there are no unknown users.
    • Limit the number of people who have admin access to a minimum. You can grant editor and subscriber access to the ones who don’t need admin powers.
    • Implement two-factor authentication on your site.
    • Limit the number of login attempts of all users.
    • Disable File Editor.
2. Plugins and Themes
    • Delete any inactive themes and plugins present on your website. Keep only the ones you use.
    • Update the rest of the plugins and themes to their latest version.
    • Never use pirated/nulled/cracked versions of plugins and themes.
    • Check details of your plugins/themes in the repository.
3. Web Host
    • Ensure you’re using a trusted web host that has good security measures in place.
    • If you’re using a shared server, consider shifting to a dedicated one.

SEO spams are closely related to VCD malware. Here’s a guide on how to remove WP-VCD malware.



Final Thoughts

Even though your website is now clean, you need to ensure that it remains protected in the future. To achieve that, here’s what we suggest you do:

  1. Install a security plugin such as MalCare that monitors, alerts, and protects your website round the clock.
  2. Take a complete backup of your website using a WordPress Backup Plugin so that you can restore your website back to normal in a jiffy.
  3. Also, take appropriate site hardening measures to ensure that your website remains protected from future hack attempts.

When you have taken all the measures that you possibly could, you can stop worrying about your website and start focusing on growing your business.

Level up your Site Security – Try MalCare Now!

