How to Effectively Remove WordPress SEO Spam Results from Google Search [Video Included]

Updated on: June 22, 2021

Is your WordPress website generating spam results on Google? Yes? Then you might have fallen prey to SEO Spam malware! This WordPress SEO Spam malware creates junk pages on your website that get redirected to other malicious web pages, which often goes unnoticed by the website owners. The most common variants of this attack are Korean SEO Spam & Spam link injection. Read on to know how to find and fix it.

In 2021, WordPress powers 41.7% of sites on the Internet, and adoption of the WordPress CMS among small and medium-sized businesses is not slowing down. However, this growth also invites hackers to break into sites to promote their own motives. WordPress SEO Spam is one of these hacks: the hackers typically target well-established WordPress sites that have high traffic and good search engine rankings, and use these compromised websites to rank their own illegal products and services on search engines.

Malware hacks such as WordPress SEO Spam are similar to the WordPress Pharma Hack. These kinds of hacks use your reputable site and redirect its visitors to hacker-controlled domains. While Blackhat SEO spam is widespread, removing it can be very tricky!

In this guide, we’ll discuss how to prevent, find and fix the WordPress SEO Spam hack. So, let’s dig in!

How To Find the WordPress SEO Spam Hack?

To find if your website is affected by WordPress SEO Spam, you need to check for the following symptoms:

1. Searching site:[your site root URL] displays spam results

The easiest way to find out if your WordPress site is affected by SEO spam malware is to run a simple Google search: type site: followed by your domain name. As you go through the search results, you might notice meaningless strings of words appended to your domain name. The malware is designed to divert Google searches away from your site towards malicious sites.

For example, if you notice the above instance, your website is probably infected. The screenshot above is a site infected with the infamous Japanese SEO Spam.

If you observe any of the following symptoms on your WordPress website, you’re most likely to have been infected by the WordPress SEO Spam hack.

2. You notice new files appearing around your site

All websites affected by this WordPress SEO Spam malware had one thing in common: suspicious new files. The attackers usually tend to create a directory in wp-content/plugins/api-key with the files:

  • apikey.php
  • header.php
  • login.php
  • newsleter.php
  • wp-layouts.php
  • wp-nav-menus.php

Most often, these files contain critical malware code.

Some other files that are often created in the WordPress root directory with malicious code are:

  • wp-domain.php
  • wp-main.php
  • wp-uti.php
  • wp.php

Another example of this symptom is a file named ms-menu.php, which is usually created in the /wp-admin directory.
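The file names above can be checked from a shell on the server. The script below is an added example, not code from the original article; the function names are made up for illustration, and it assumes the first argument is the WordPress root directory.

```sh
#!/bin/sh
# Added example: check a WordPress tree for the file names listed above.
# $1 is the WordPress root (the directory that holds wp-config.php).

# Print, relative to the root, each listed file that actually exists.
listed_spam_files() {
    root=$1
    for f in apikey.php header.php login.php newsleter.php \
             wp-layouts.php wp-nav-menus.php; do
        if [ -f "$root/wp-content/plugins/api-key/$f" ]; then
            echo "wp-content/plugins/api-key/$f"
        fi
    done
    for f in wp-domain.php wp-main.php wp-uti.php wp.php; do
        if [ -f "$root/$f" ]; then echo "$f"; fi
    done
    if [ -f "$root/wp-admin/ms-menu.php" ]; then echo "wp-admin/ms-menu.php"; fi
    return 0
}

# Print PHP files modified within the last $2 days, to catch newly dropped
# files whose names are not on the list.
recent_php_files() {
    ( cd "$1" && find . -type f -name '*.php' -mtime -"$2" | sed 's|^\./||' )
    return 0
}

# Constructed sample tree (not a real site): two listed names, one old core file.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/plugins/api-key" "$d/wp-admin" "$d/wp-includes"
    : > "$d/wp-content/plugins/api-key/apikey.php"
    : > "$d/wp.php"
    : > "$d/wp-includes/version.php"
    touch -t 202001010000 "$d/wp-includes/version.php"   # backdate: old file
    echo "$d"
}

# Run against a real install by passing its root as the first argument.
if [ -n "${1:-}" ]; then
    listed_spam_files "$1"
    recent_php_files "$1" 7
fi
```

An empty result from the first function does not clear the site, since these are only the names attackers usually use; review the recently modified files as well.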

3. You perform primitive malware identification

WordPress SEO Spam malware depends almost entirely on the host website to function. It executes every time a page loads or refreshes, and it makes sure the WordPress functionality stays up and running, because if the website breaks or crashes the malicious code is not executed. It also lets the attacker remotely update and repair the website if needed. The malware also creates backup files in case of aborted updates.

One of the other features of WordPress SEO Spam malware is the ability to identify and remove primitive malware present on the host WordPress website to avoid any suspicions from the website administrator. Following is a code snippet example of the WordPress Spam Malware eliminating competition:

if (is_file("$level" . "index.php")) {
	// Load index.php so it can be checked for markers left by other infections
	$ind = file_get_contents("$level" . "index.php");
	if (stripos(file_get_contents("$level" . "index.php"), 'hacked')
	OR stripos($ind, 'WARNING: This file is protected by copyright law. To reverse engineer or decode this file is strictly prohibited')
	OR stripos($ind, 'form action="" method="post"></form')
	OR stripos($ind, 'eval(gzuncompress(')
	OR stripos($ind, 'WARN1NG_RC')) {
		// A marker matched: make the file writable, then delete it
		chmod("$level" . "index.php", 0777);
		unlink("$level" . "index.php");
	}
}

4. You notice your Google AdWords being disabled

Due to the widespread use of ads on the internet these days, they have become an easy way for hackers to direct users to compromised/malicious websites. This has forced advertisement networks such as Google AdWords to have stringent policy upgrades to avoid the spread of malware through hacked websites. Google AdWords regularly scans websites for hacked content & suspends ads running for hacked websites.

The most noticeable symptoms are the warnings Google shows when your AdWords ads are suspended. If you find any of these, you might be affected:

  • Malicious or unwanted software. See what Google (here) itself has to say!
  • Our system randomly and periodically scans the website and checks if the website complies with the Google policy. Therefore, recently your website was scanned and the most recent system scan detected that this advertiser’s primary declared landing page is affected by an unsafe domain [domain .com]

For a clear understanding of how to fix disapproved Google AdWords, read our detailed blog post.

To cure your website of spam links, you need to do a thorough analysis of your files and databases. Here is how you can go about that:

5. Scan files for spam links

Search these files for spam links: theme headers, footers, or within the theme functions. Usually, the links are easily visible as hypertext links. However, in rare cases, they might be obfuscated too. Find the unknown, malicious links.

For instance, this is what a malicious link looks like:

<?php NorebroLayout::get_footer_buffer_content( true ); echo "<a href=\"http://www.authenticjetshockeyshop.com/mark-scheifele-jersey_c-422.html\"> </a>&nbsp;"; wp_footer();  ?>

Sometimes it is hard to tell if spam links have been inserted. In such a case, it is advised you scan your site with SEO Spam Scanner.
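A first pass over the theme files can be automated. The script below is an added example, not code from the original article; it lists every link host in a theme's PHP files that is not your own domain, including the escaped href=\" form used in the echo statement above. The function name and the example.com and evil.test domains are placeholders.

```sh
#!/bin/sh
# Added example: list link targets in theme PHP files that leave your domain.
# $1 = theme directory, $2 = the site's own domain (placeholder: example.com).

external_theme_links() {
    own=$2
    # href= followed by up to two non-letters covers href=", href=' and the
    # escaped href=\" form that appears inside a PHP echo string.
    ( cd "$1" && find . -type f -name '*.php' \
        -exec grep -HoiE 'href=[^a-z]{0,2}https?://[a-z0-9.-]+' {} + ) |
    sed -E 's|^\./||; s|:[Hh][Rr][Ee][Ff]=.*://| |' |
    awk -v own="$own" '{
        h = tolower($NF); n = length(h) - length(own)
        # Skip the site itself and its subdomains; report everything else.
        if (h == own || (n > 0 && substr(h, n) == "." own)) next
        $NF = h; print
    }' | sort -u
    return 0
}

# Constructed sample theme: the injected footer line quoted above, one
# legitimate internal link, and one look-alike host (evil.test is made up).
demo_theme() {
    d=$(mktemp -d)
    cat > "$d/footer.php" <<'EOF'
<?php NorebroLayout::get_footer_buffer_content( true ); echo "<a href=\"http://www.authenticjetshockeyshop.com/mark-scheifele-jersey_c-422.html\"> </a>&nbsp;"; wp_footer();  ?>
EOF
    cat > "$d/header.php" <<'EOF'
<a href="https://www.example.com/about">About</a>
EOF
    cat > "$d/functions.php" <<'EOF'
<?php echo '<a href="https://Example.com.evil.test/x"></a>'; ?>
EOF
    echo "$d"
}

# Run against a real theme by passing its directory and your domain.
if [ -n "${2:-}" ]; then external_theme_links "$1" "$2"; fi
```

Each output line is a file and an external host to review by hand; legitimate themes link out too, and obfuscated links will not match this pattern.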

6. Scan the database

Another target for spam links insertion is the database. So, you would need to scan the database as well for spammy links. Often spam links are inserted into your web pages & posts. Now, reviewing all the pages manually can be too tedious a task. So, here is how you can do this:

  • Access your database with phpMyAdmin. phpMyAdmin allows you to review multiple pages at a time.
  • Review pages and posts.
  • If you do find malicious links, download the pages/posts locally and clean them.
  • Next, upload them back with the help of a SQL management tool. This step might need some SQL expertise.

Fixing the WordPress SEO Spam Hack

The WordPress SEO Spam malware can be removed from the host website by following the steps below:

  • Remove the malicious new files created by the malware, as mentioned in the sections above.
  • Check your Google Webmasters account for any disparities and follow our detailed guide to resolve them.
  • Scan your website for malware and other infections.
  • Check which websites have outbound links to your site from the Google Webmasters panel.

How Does WordPress SEO Spam Affect Your Website Traffic & SEO?

We know hacks leave your website in wrecks. Even after doing a proper hack removal, the intangible effects often last longer. Recovering your website from these after-effects takes a great deal of effort. The intangible effects include decreased website traffic, drop in Google rankings, hit on the brand reputation, dampened customer inflow, etc. 

To measure how badly such hacks affect websites, we conducted a study. We monitored an infected website for days after the cleanup to see how it performed.

This is what we found:

The following analytics show website traffic for a year. Notice the drop in the traffic in later months.

This is the website’s data in August this year when it was not hacked. Total clicks are 20.3k, impressions 254k, Average CTR 8%, Average position 15.

We compared this to the data of the month it was hacked. See the dip in the following picture. Total clicks dropped to 11.8k, Impressions reduced to 207k, Average CTR was 5.7% and the position was pushed down to 16.6.

When we narrowed it down to the days the website was hacked, this is what we found. After a few days, the average CTR dropped to 4.4% from the original 8%. Similarly, other aspects of the website also took a dip.

It is quite clear that the consequences of SEO spam are huge, especially for your website’s traffic and SEO. Pulling a website out of a hack takes constant effort over a prolonged period.

Obviously, you do not want to land in such a situation. Yes, you can totally avoid these scary-looking consequences by being a little vigilant for these attacks. The next segment will tell you how.

How to Protect Against WordPress SEO Spam Hack?

Cleaning a site that is already infected with the WordPress SEO Spam hack doesn’t ensure that the infection will not re-appear. Hence, taking preventative measures is always a good idea.

Here are some prevention steps you can enforce for protecting your site against WordPress SEO Spam:

1. Install a Firewall:

The most convenient option out there to prevent WordPress SEO Spam Malware infections is to use a Website Firewall, like Astra. A Website Firewall can help you monitor your incoming traffic and it automatically blocks threats and other malicious entities.

Astra Security Suite helps to automatically secure your site and virtually patch software by preventing malicious requests from ever reaching your website.

2. Harden your WordPress Login Page security

Another security measure you can take for protecting your site from WordPress SEO Spam is to secure the login page of your WordPress site. It can also help you prevent WordPress Admin dashboard hack.

Here’s how you can do it:

With Astra Firewall you can enforce the Login Protection for your WordPress and see details of the person/bot who tried to log in to your site with the timestamp and some other information.

3. Set the Correct File and Folder Permissions

Setting correct access permissions on your files and folders not only helps prevent execution errors on your WordPress site but can also reduce security risks such as infection by WordPress SEO Spam malware.

You may apply the following permissions to your WP files and folders:

  1. For wp-config.php = 400/440
  2. For all .php files = 644
  3. For index.php = 644/444
  4. For wp-content folder = 755
  5. For wp-includes folder = 755
  6. For wp-content/uploads folder = 755
  7. For all the files in general = 644
  8. For all folders in general = 755
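The list above can be audited and applied from a shell. The script below is an added example, not code from the original article; the function names are made up for illustration, and it assumes the first argument is the WordPress root and that you own the files.

```sh
#!/bin/sh
# Added example: audit and apply the modes listed above. $1 = WordPress root.

# Print each path whose mode differs from the list.
wp_perm_deviations() {
    ( cd "$1" || exit 0
      find . -type d ! -perm 755 -exec echo "folder, want 755:" {} \;
      find . -path ./wp-config.php ! -perm 400 ! -perm 440 \
          -exec echo "wp-config.php, want 400/440:" {} \;
      find . -type f -name index.php ! -perm 644 ! -perm 444 \
          -exec echo "index.php, want 644/444:" {} \;
      find . -type f ! -name index.php ! -path ./wp-config.php ! -perm 644 \
          -exec echo "file, want 644:" {} \; )
    return 0
}

# Apply the list; $2 picks the wp-config.php mode (400 by default, or 440).
wp_perm_apply() {
    cfg_mode=${2:-400}
    case $cfg_mode in
        400|440) ;;
        *) echo "wp-config.php mode must be 400 or 440" >&2; return 1 ;;
    esac
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
    if [ -f "$1/wp-config.php" ]; then chmod "$cfg_mode" "$1/wp-config.php"; fi
    return 0
}

# Constructed sample tree with three deliberate deviations.
demo_wp_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads" "$d/wp-includes"
    : > "$d/wp-config.php"; : > "$d/index.php"; : > "$d/wp-includes/load.php"
    chmod 755 "$d" "$d/wp-content" "$d/wp-includes"
    chmod 777 "$d/wp-content/uploads"      # deviation: world-writable folder
    chmod 644 "$d/wp-config.php"           # deviation: config readable by all
    chmod 444 "$d/index.php"               # allowed alternative from the list
    chmod 666 "$d/wp-includes/load.php"    # deviation: world-writable PHP file
    echo "$d"
}

# Audit a real install by passing its root as the first argument.
if [ -n "${1:-}" ]; then wp_perm_deviations "$1"; fi
```

Use 440 instead of 400 for wp-config.php when the web server reads the file through group membership rather than as its owner.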

For more info on this, check our blog: How to Fix WordPress File or Folder Permissions – Step by Step Procedure

Have a specific question to ask? Shoot in the comment box or talk with security experts. We promise to reply 🙂

Ankit Pahuja

Ankit Pahuja is the Marketing Lead & Evangelist at Astra Security. Ever since his adulthood (literally, he was 20 years old), he began finding vulnerabilities in websites & network infrastructures. Starting his professional career as a software engineer at one of the unicorns enables him in bringing "engineering in marketing" to reality. Working actively in the cybersecurity space for more than 2 years makes him the perfect T-shaped marketing professional. Ankit is an avid speaker in the security space and has delivered various talks in top companies, early-age startups, and online events.
6 Comments
Montana
2 years ago

I was searching for this on how to reduce the spam, it's really hard to run a blog with all these spams. Thanks for this helpful post

bannersbybonnie.com
2 years ago

In fact, it’s hard to do that.

Naman Rastogi
Admin
1 year ago

Yes, it is a bit complicated to remove malware in case of SEO spam. Also, you need to submit links to Google search console regularly to fix it.

Vicky
1 year ago

thanks, spam has been an issue for me. I tried many plugins but none work properly

Naman Rastogi
Admin
1 year ago
Reply to  Vicky

Hi Vicky,

Spam is one of the most common issues. Here are a few steps that you can follow to minimize it –

1) Use hidden CAPTCHA in your forms
2) Block the countries that are not relevant to your business
3) Implement a firewall that checks the IPs (fake bing/google bots & scraping IPs) & blocks them

Here is the feature list of Astra firewall – getastra.com/features

SEO Executor
1 year ago

Hi!
And it totally doesn’t help that SEO changes like….every week it feels like haha — but yes, I would absolutely focus on titles and meta descriptions at the very least
