Start Now!

How To Find Out and Fix Spam Scripts On WordPress Theme?

  • 44
  • 4.7K
How To Find Out and Fix Spam Scripts On WordPress Theme?

After Matt Cutts confirmation of upcoming major Google algorithm update in 2013, there is a great panic among the webmasters. There are lots of discussions going on about the hitting parameters of this update but nobody has satisfactory answer. However, one thing is cleared by Matt Cutts himself that sites with on-page spam will be hit. He referenced a university site selling Viagra pills but the ad cannot be seen on the front page until you visit the coding page. The spam ads are not displayed on the viewed page because all of us know that spam scripts are inserted via coding and it might be a SQL injection that is an unenthusiastic technique done by inserting script of codes and links or portions of SQL statements in particular fields to attack static, dynamic page or data driven apps.

Nowadays, there is a pessimistic network of SQL inject in full swing. It commonly injects SQL on different sites and especially their targeted sites are PHP based CMS (content management systems) sites like WordPress, Joomla, Drupal, etc. So, if you are running a blog or site via any of these CMSs, then double check that you are not selling Viagra pills or any other irrelevant stuff. Here is an example of spam script that was inserted into a WordPress blog.

wordpress blog

To make sure that your site doesn’t include this sort of script, use fetch as Google tool as suggested by Matt Cutts. Sometimes your site is successfully fetched by Google but still there is a possibility of unexpected content existence. Therefore, to make sure the protection of your site visit the backend page by using view source option and manually check the page for different types of spamdexing, unusual codes and SQL attacking vectors. If you find any kind of unusual coding or script excepting Google analytics, webmaster and other useful codes, inspect the element and locate the section (header, main body, footer) where it exists.

Now to remove, simply login to you ftp account or c-panel, visit the allocated page, and remove the complete script from there. In WordPress theme this can be done by simply signing in your dashboard and under appearance menu there is an option of editor. Visit the troubled section, edit the section, remove the script and save changes. Now again use fetch as Google tool to make sure that your side is properly indexed by Google bot. after fixing the issue remember to resubmit the sitemap both html and xml version in both major search engines Bing and Google. Normally, main page of the site is targeted for this type of scripts but manual inspection of each and every page is better. You can simply take a quick look of the inner pages backend section or just use fetch as Google tool for inner pages and manually check the home and main pages. Here are few safety measures to make your WordPress site protected from these spam scripts insertions.

Use Updated Version of WordPress

Always make sure that you are running the latest version of WordPress. After the release of new version a message is displayed on your dashboard telling about the availability of latest version. The message is displayed at the top of the dashboard, you just need to click the available link, and it will automatically upgrade. You can upgrade the version by clicking the tool options in the dashboard menu and upgrade it. It’s a good way to secure your site because latest security measures are fixed with every new release.

Use Security Plugins

You should be using different reliable security plugins to keep your theme protected. WP security and BPS security plugins are well-known and I have personally experienced them.

Frequently Backup Your Database

From time to time take the backup of database. The backup database should include all your pages, posts including, images, coding, plugins, additional files, etc. In case if you lose any significant data due to virus or SQL inject, you can easily recover your site by having a WordPress backup.

Username & Password Protection

Frequently change your password and username and it’s better to change them on monthly basis. Avoid using the word “admin” as username and keeping common passwords used like ‘123456’ ‘password’ etc.


Subscribe to SEJ

Get our daily newsletter from SEJ's Founder Loren Baker about the latest news in the industry!


Muzammil Hussain

Syed Muzammil is digital marketing manager at LiveWireLabs. I love Food :)

Read the Next Article
Read the Next