Stay on top of WordPress Spam Injection with Automatic Upgrades and SpamCheckr
I had the unfortunate experience of being spammed a few months ago. Not a huge deal, but it did cause both Baconmusic and Engand for Obama to be removed from Google search results for 30 days.
If, however, it had been THIS site or one of my client sites, I would have been in serious trouble.
What happened
Both of the sites in question were running old versions of WordPress with modified themes that I hadn’t developed from scratch. I’d simply made new CSS/images over an existing framework.

Baconmusic was attacked by link spam
Turns out both of these themes had security holes, as did the version of WordPress (2.5) each of the sites was running.
These holes allowed an evil spam bot to break in and insert dodgy code into the WordPress theme header and footer files.
How did I find out
An email arrived in my inbox; the weird thing was that at first I thought it was spam. The subject was something along the lines of “Your website has been removed from Google...”

Google warning message, courtesy of spamcheckr.jungleg.com/about
“Yeh, sure… whatever…” I thought. Then I read the message and quickly got worried.
After trawling my website code it was obvious something was wrong. Literally hundreds of hidden links were embedded in the header and footer of each site. You can imagine the type: viagra, dating, weight loss, money making... all that rubbish.
How I fixed it
First thing I did was fire up SpamCheckr, a great service which uses Google's own algorithms to look through your site and report on the problem. Both sites came back with thousands of issues and a Spam Score that was off the charts (eek!).
The next step was to look into my WordPress theme and find the damage, and after logging in it was obvious where the problem lay: header.php and footer.php were awash with nasty obfuscated PHP code.
The easiest way to fix this problem was to re-upload my theme files from a local backup, thereby overwriting any changes – phew!
After this I upgraded WordPress to the latest version on both blogs, ran a few security checks and installed a couple of security hardening plugins.
I then gave SpamCheckr another run to make sure everything was clean. My Spam Score was now a truly delightful ZERO.
Thankfully my MySQL database was secure. If it hadn't been, the bot could have got in and added lines of code to every single post, page and comment in my WordPress database. This happened recently on the CoolSmartPhone website and caused it to go down for a couple of days – nasty stuff!
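To make the "find the damage" step repeatable, here is an added example (not from the post, SpamCheckr or WordPress) that compares a live theme directory with a clean backup copy and flags the two symptoms described above: hidden link blocks and eval(base64_decode(...)) style wrappers. The file names, sample content and indicator patterns are constructed for illustration.

```python
# Audit a WordPress theme against a clean backup copy and flag the two symptoms
# from the post: hidden link blocks and obfuscated PHP. Patterns are this example's own.
import re
import tempfile
from pathlib import Path

OBFUSCATED_PHP = re.compile(r"eval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I)
HIDDEN_BLOCK = re.compile(r"<(?:div|span|p)\b[^>]*display\s*:\s*none[^>]*>.*?</(?:div|span|p)>", re.I | re.S)
ANCHOR = re.compile(r"<a\s[^>]*href=", re.I)

def scan_text(text: str, min_hidden_links: int = 3) -> dict:
    """Return {indicator: count} for the indicators present in one file's text."""
    hits = {}
    n = len(OBFUSCATED_PHP.findall(text))
    if n:
        hits["obfuscated_php"] = n
    hidden = sum(len(ANCHOR.findall(b)) for b in HIDDEN_BLOCK.findall(text))
    if hidden >= min_hidden_links:      # a couple of hidden links may be legitimate markup
        hits["hidden_links"] = hidden
    return hits

def audit_theme(live: Path, backup: Path) -> dict:
    """Report every .php file under `live` that was added, differs from its backup twin,
    or contains an indicator, as {rel_path: {"status": ..., "hits": {...}}}."""
    report = {}
    for f in sorted(live.rglob("*.php")):
        rel = str(f.relative_to(live))
        twin = backup / rel
        status = ("added" if not twin.exists()
                  else "changed" if twin.read_bytes() != f.read_bytes() else "unchanged")
        hits = scan_text(f.read_text(errors="replace"))
        if status != "unchanged" or hits:
            report[rel] = {"status": status, "hits": hits}
    return report

def demo() -> dict:
    """Constructed live/backup theme pair in a temp dir; returns the audit report."""
    clean = '<?php get_header(); ?>\n<a href="/">Home</a>\n'
    spam = ('<div style="display:none"><a href="http://x.invalid/1">a</a>'
            '<a href="http://x.invalid/2">b</a><a href="http://x.invalid/3">c</a></div>\n')
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for d in (live, backup):
            d.mkdir()
        for name in ("header.php", "footer.php", "index.php"):
            (backup / name).write_text(clean)
        (live / "header.php").write_text(clean + spam)                           # link spam appended
        (live / "footer.php").write_text('<?php eval(base64_decode("aGk=")); ?>')  # obfuscated PHP
        (live / "index.php").write_text(clean)                                   # untouched
        return audit_theme(live, backup)
```

Point `audit_theme` at your theme folder and the backup you would restore from; anything reported as "changed" or "added" is what the re-upload step overwrites.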
Immunisation
Upgrading WordPress and checking for weird code in themes are the best measures to ensure this never happens again.
Plugins are also a risk: like themes, always download them from the official WordPress site or a site you know and trust.
I also run SpamCheckr once a month on every site I manage, just in case. They actually have a service which can do this for you automatically, but I have yet to sign up.
If you've never run this on your site, please do it now.