Being one of the smartest and most well-disguised hacks, spam link injections are much dreaded among WordPress site owners.

If you’re a victim of a spam injection hack, it can be an extremely frustrating ordeal as it’s one of the most difficult ones to detect and fix.

We’ve seen quite a few cases where clients initially resorted to restoring their backup to get rid of the hack. They also tried going into the files and database and deleting the malicious code. But in just a few days, the spam was back to haunt them!

Here, we’ll show you the most effective and efficient way to get rid of spam once and for all.

TL;DR –
Spam link injections are one of the most difficult ones to get rid of.  If you’re a victim of this hack looking for an effective solution, you need our WordPress security plugin, MalCare, to be spam-free permanently. It will comb through your site and clean up all traces of malware on your site instantly. It will also protect you from any kind of attack in the future.

First up, as we mentioned this hack is a complex one. So before we start fixing it, it is important to understand what exactly is going on.

What is a spam link injection?

A spam links injection is just one of the malicious activities hackers can execute when they gain access to your WordPress site. This hack is popularly known as SEO spam or spamdexing.

Instead of doing the hard work to get their pages to rank legitimately on SERPs (search engine results pages), hackers use your website – especially top-ranking pages – to hijack your SEO accomplishments.

Some of the things they do include:

    • Inserting hyperlinks on your pages. If a user/visitor clicks on those, they will be directed to another website – usually, one that sells/promotes illegal products and content.
    • Create new pages, sometimes even thousands of pages.
    • Inserting certain keywords that we consider as spam in pages that rank well in search engines’ results. When a user searches for these keywords, your website will rank.
    • Display banners and ads for their products and content on your site.
    • Send spam emails to your customer database.

The tricky thing about SEO spam injections is that hackers go to great lengths to hide it from website owners for as long as they can. Therefore, it goes undetected for a long time.

So the first step to take is to make sure you are a victim of SEO spam, after which, we can proceed to fix it.

Find out if your WordPress website has an SEO spam hack

If you’re sure your WordPress website is hacked, you can jump to detecting and cleaning it. However, if you suspect you’ve been hacked or just want to be sure, here are the ways in which you can be sure you’ve been hacked.

1. Google Blacklist – If you’ve had malware on your site that will harm users, Google will blacklist you. Since these hacks go undetected for a long time, it usually is the case where Google finds it before the site owners do.

You’ll receive an email stating that your site has been blacklisted due to the presence of malware. You may also see a warning or notification displayed to users who try to access your site, like this:

 

Google warning for infected website

 

Google may also put up a warning on the search engine results page itself, even before users can click on the link.

 

warning in search results

 

Google does this as its top-priority is user experience. They strive to provide relevant and safe results to the user at lightning speed. Therefore, they will not jeopardise the safety of their users under any circumstances.

2. Web host suspension – Like Google, your web host will also suspend your site. You will get a notification from them that your account has been suspended. Depending on your web hosting provider, they wiould either tell you there is malware present or you might have to contact them to find out the reason for suspension.

 

web host account suspended

 

Why do web host’s suspend hacked accounts? Well, you are allotted a certain amount of server resources per website. If your site is hacked, it will most likely exceed these resources. Furthermore, if you’re using a shared server, you could possibly put other sites on the same server at risk.

3. Check Google Analytics – If you run a website, then Google Analytics and Search Console are must-haves. If you don’t already have them, start now. With Analytics, you can see the details of your website’s visitors. Your traffic should be coming in from relevant keywords. If you see that you’re getting traffic for keywords like “buy viagra online”, or “cheap gucci bags”, you can be sure your website has a pharma hack.

 

google analytics results

 

4. Security plugin – If none of the above has happened, and you still suspect you’ve been hacked, we suggest you install a security plugin such as MalCare. It will scan your website entirely and alert you if any sort of malware is found on it, including SEO spam injections.

Once you know you’re hacked, we need to find the spam and get rid of it.

Note: Finding and deleting spam keywords and links manually is a temporary fix and will not get rid of the hack. You need to remedy the root cause of the problem, i.e., the vulnerability in your website that allowed the hacker to enter.

How to find and fix SEO spam injection links?

We stated earlier that this is a complicated hack and can be hard to fix, but the truth is, it’s hard only if you’re not using the right method. If you’ve already tried to manually find and delete the SEO spam, you’ve probably figured out that it doesn’t work.

The spam will simply regenerate. This can be because of two reasons:

    • There is a vulnerability on your website that is allowing hackers to gain access.
    • The malware present on your website uses cron jobs which is a way of creating backdoors on your site every other day.

In the case of SEO spam hacks, we discourage the manual method of detection and cleaning simply because the hack can be widespread, hidden and disguised. It’s time-consuming and laborious to find the hack and backdoors created by the hacker.

So, first, we’ll take you through the easiest and most reliable method – Using A WordPress Security Plugin. It saves time and gets the job done efficiently.

If you want to attempt a manual cleanup, we’ve entailed the process in the next section.

Fixing SEO Spam Injections on a WordPress Website Using a Security Plugin

You can use a WordPress security plugin to find the hack and clean it up in no time. However, there are many plugins available on the market and it’s hard to choose one.

Not all security plugins will work efficiently and detect hidden malware. Many of them rely on old methods that aren’t able to detect new or disguised hacks.

To fix a spam injection, you need an automated process that will comb through all your website’s files and the entire database to find the malware.

From the many plugins available, we’ll show you how to use MalCare to clean a spam hack.

Why MalCare? We’ve listed out the features of this plugin briefly below:

 

MalCare malware removal

 

– It detects hidden, disguised, and new malware

We are aware that SEO spam is disguised and hidden from plain sight. It’s hard to detect just by looking at the files and database.

Now, regular scanners use a technique called signature or pattern matching to find malware. What it does is it looks for code that is already known to be malicious. These plugins will miss any new malware.

The MalCare scanner does not rely on these outdated methods. It uses over 100+ intelligent signals to find suspicious code on your website and it also analyses how the code behaves. This helps it track down malware and find all hidden links and disguised code.

Lastly, some code that is used in hacks are also used in legitimate plugins. Many malware scanners aren’t able to tell the difference. Here, the technique MalCare uses to analyze behavior and patterns of code enables it to eliminate such false alarms.

– Automatically takes a backup for you

Fixing a hacked website requires deleting code or files. This is why we recommend taking a backup. Before the scan begins, MalCare will take a backup for you and store it safely in an offsite server.

– Find the spam in a few minutes

Next, the plugin will automatically start scanning your website. The time taken to scan greatly depends on the size of your site. However, it generally takes just a few minutes.

– Clean up your website automatically

You can Auto-Clean your site to get rid of the malware by just clicking a button. It may take a few minutes, but once done, you’ll be completely 100% spam-free and malware-free!

– Helps prevent future attacks

Once done, you can continue to stay protected from SEO spam as the plugin offers other features that keep your site safe and secure.

    • You can block malicious IP addresses and bad bots from trying to access your website.
    • You can also limit the number of login attempts into wp-admin within a specific time period for every user.
    • Change all the login credentials for all users of your site, and disable plugin installations and the file editor.
    • Lastly, you can also update your WordPress installation as well as any plugins and themes you have present on your website.

How to Use MalCare Security Plugin

Here, we’ll show you how to install MalCare to clean up a spam hacked site.

Tip: Keep your FTP credentials and WP-admin credentials ready with you in order to make the process faster.

    • Visit wordpress.org and install MalCare.
    • Once activated, the plugin appears independently on the left panel of your site’s wp-admin. Select ‘Malware scan’ and click on ‘Scan site’.

 

Scan site with MalCare plugin

 

    • Next, the plugin will take you to the MalCare dashboard where it will automatically scan your website. You get one free scan with this plugin. You’ll see the following screen:

 

Configuring Malcare Security on your Site

 

    • You might need to be patient during this step, as the time taken can vary depending on a number of factors like the size of your site. You’ll be notified if your website is clean or hacked. If you see the following notice, you’ll need to upgrade to a premium plan to get access to clean it up immediately.

 

Auto Clean Hacked site

 

Note: Malware scanning and cleaning is a complex process and is, therefore, a paid service with all security plugins. The only free option is to do it manually which is not efficient. It’s a small price to pay to keep your website secure.

    • Once you upgrade to the premium plan, you simply need to click on ‘Auto-clean’ and that’s it. The backend complexities are taken care of for you. After it completes cleaning your site, you’ll see the prompt that your site is cleaned. You can then return to your dashboard.

 

finishing site clearing

 

You can be 100% sure your site is malware-free. But we suggest you do a check of your website to make sure.

If you were blacklisted by Google, you will need to send an appeal and request them to take you off the blacklist. You might find this article on How to remove Google Blacklist easily helpful.

Next, using the same MalCare plugin, you can take preventive measures immediately and stay protected from future attacks. We recommend you carry out the following steps.

Steps to Prevent Future Spam Attacks with MalCare

When you use MalCare, it will regularly scan your site for malware. If it detects anything suspicious, you will be alerted. It also actively blocks malicious IPs and bad bots from harming your website. Apart from that, there are some measures, known as website hardening, you need to take on your own. However, MalCare enables you to do all of it with a few clicks.

1. Update your website

From the dashboard, you can view if your WordPress installation is outdated. You can also see how many themes and plugins need updates. You can update them all directly from the MalCare dashboard.

 

MalCare dashboard

 

2. Apply Website Hardening

On the dashboard, access ‘Security’, and you will see your site’s security details displayed like this:

 

WP spam link injection

 

Click on ‘Apply Hardening’ and you will get options as follows:

    • Essentials – This will allow you to Block PHP Execution in any Untrusted Folders and Disable Files Editor.
    • Advanced – You can Block Plugin/Theme Installations.
    • Paranoid – Change Security Keys and Reset All Passwords across the board for all users.

Read up on more details about website hardening before you implement it on your site.
A WordPress security plugin will not only scan your hacked site, but it will fix it for you and help prevent future attacks. Click To Tweet

Manually cleaning a spam on hacked WordPress websites

As we said, this method is more complex and carries a lot of risk. However, if you want to attempt a manual cleanup, we’ve entailed the process below.
Word of advice, do take a backup of your files and database before you attempt a manual cleanup of a hacked website. Click To Tweet

That said, here are the steps to cleaning up your hacked website:

Step 1: Scanning Files and Deleting Malicious code

Login to your hosting account and go to cPanel > File Manager > public_html.

Here, you should see three folders – wp-admin, wp-includes, and wp-content.

 

public_html content folders

 

Look for malicious code in all your files. Hackers hide spam link codes using styles that hide to cover the links from being visible inside the page, such as:

<div style=”position: absolute; top: -132px; overflow: auto; width:1259px;”>

Once you identify the spam codes, you simply need to delete them. If you’re lucky, the spam code might be the same across all the pages. In that case, you can just find and replace them altogether.

Tip: Pay attention to the plugins and themes files and folder under wp-content because these outdated/vulnerable plugins are the easiest entry points for hackers to inject your website with spam.

Step 2: Scanning and Cleaning your Database

From your hosting dashboard, click on cPanel > phpMyAdmin. Select your database from the list on the left and then click on “Export”.

 

database quick export

 

Let the default settings remain as Quick export method and SQL format. Once you’ve downloaded the database, open it as a txt file in Notepad or similar software.

Now, you need to search for PHP functions like base64_decode, gzinflate, eval and shell_exec. These are some of the most commonly PHP functions that hackers use but are not the only ones.

Next, you need to remove these functions either by editing out the malicious text or simply deleting the record.

Once your database is clean, you can import the same back into your website using phpMyAdmin.

 

database import

 

Caution: These PHP functions are not always malicious. Deleting ones that are non-malicious can break the functionality of your website.

If you’re satisfied that your website is clean and rid of the malicious scripts, you need to take measures to patch up the vulnerability.

Prevent spam injection hacks on your WordPress site

We recommend that you implement the following security measures on your website:

1. WordPress
    • Change all your passwords.
    • Update your WordPress installation to the latest version.
    • Check all your users and ensure there are no unknown users.
    • Limit the number of people who have admin access to a minimal. You can grant editor and subscriber access to the ones who don’t need admin powers.
    • Implement two-factor authentication on your site.
    • Limit the number of login attempts of all users.
    • Disable File Editor.
2. Plugins and Themes
    • Delete any inactive themes and plugins present on your website. Keep only the ones you use.
    • Update the rest of the plugins and themes to their latest version.
    • Never use pirated/nulled/cracked versions of plugins and themes.
    • Check details of your plugins/themes in the wordpress.org repository.
3. Web Host
    • Ensure you’re using a trusted web host that has good security measures in place.
    • If you’re using a shared server, consider shifting to a dedicated one.

Conclusion: Putting an end to spam

 

 

WordPress spam injections can be a nightmare. If you’re unable to get rid of the spam, you’ll lose customers/visitors and you could stand to lose your website altogether.

Therefore, fixing the spam hack and staying protected is critical to your website’s health and existence.

We recommend that you Install a security plugin such as MalCare to ward off hackers and their malicious bots!