WordPress Spam Injection, Part Deux

MIHMORANDUM NO. 142 | October 10th, 2008Reader Comments (9)

I wrote awhile back about getting banned after a spammer injected a scummy footer into my WordPress blog.    Despite upgrading to the latest version of WordPress, it seems to have happened again.  I’ve filed all the necessary reinclusion requests with Google; I’m obviously hoping for the same outcome.

The offending links aren’t showing up in my current page source, only in Google’s cached view of my blog.  Probably the spammer has some automated process for determining when a site has been booted out of the index and so he removes his links in an effort not to get caught.

The spammer is using a specific div id name to inject his garbage.  Given that, do any of you harder-core programmers out there have an idea of how to create something that will BLOCK the insertion of a particular div onto a page?  I will happily buy you drinks all night long at the next search conference if you can tell me how to fix this problem.

It is really annoying.

9 Responses to “WordPress Spam Injection, Part Deux”

  1. Stever says at

    “Probably the spammer has some automated process for determining when a site has been booted out of the index and so he removes his links in an effort not to get caught.”


    Probably the spammer is using IP cloaking so that footer file with the bad link only gets seen by Googlebot. maybe.

    What I would like to see is a wordpress plug-in that removes ALL hints that a site is powered by wordpress. That should extend as far as renaming all theme and upload folders like “/wp-content/themes/” even rename the login page file name, etc… That would heavily limit the automated bots out there looking for WP sites to exploit.

    Speaking of which, David, check your header.php template file, you have the generator = WP 2.5.1 meta tag in there twice.

    Taking that tag out altogether can help avoid some WP hacking problems as they don’t know what version your using, thus not sure which hole to exploit.

  2. MiriamEllis says at

    No advice, just major sympathy, David. Grrr! I’m so sorry you’re having to deal with this.


  3. David Mihm says at


    I really appreciate you stopping by and taking a look at my source code. I didn’t realize that I was even publishing the WP version meta at all. The spammer would be particularly insidious to only show that content to Googlebot, wouldn’t he. Wow.

  4. martijn says at

    be aware that a lot of the times its not the wordpress core that has some security issues but plugins that are installed. might want to check those out.
    I’d recommend taking a look at this page, and especially the wp-security-scan..

  5. Douglas Karr says at

    Hacking plugins is getting pretty common with WordPress. I have a WordPress blog as well as my Compendium Blog and appreciate the security and control that Compendium has put into place.

  6. Gwun says at

    Ps. I would also recommend checking out WP-DBManager. You can find it here.

  7. David Mihm says at

    Thanks for all the tips about plugins, guys.

  8. Dennis Yu says at


    Wow– that is terrible. All I knew, before being enlightened by your post, was to put the admin url on something other than /wp-admin and remove obvious references to wordpress in the meta information.

    I love your blog, by the way– ultra informative to small businesses! You should expand beyond Portland!


  9. Gab Goldenberg says at

    Sorry to hear that David. I’d speak to Andy Beard, if I were you – he’s an expert on WP blog security. Check him out at Andybeard.eu

Leave a Reply

You are here: Home > Blog > WordPress Spam Injection, Part Deux