Dirty WordPress Hack Going Around, Cloaked to Search Engines

Recently there’s been a WordPress hack going around which has been using cloaking to target Google IP addresses. That means, the spammers/hackers are somehow getting into your WordPress blog, and generating a bunch of spam content and links that only Google can see.

This particular hack uses some particularly dirty methods which include inserting spam keywords into your own content, which is probably to control your keyword density.

Also they don’t seem to place more than a couple spam links on the page, which is probably because they don’t want you to get banned (so you can still pass link juice to them). Kind of like a parasite not trying to kill it’s host.

I’ve made a quick screencast to go over what the hack does and how to see if it’s happened to your site.

What We Know So Far

• Altered content is only visible to search engines like Google and Yahoo, regular visitors won’t notice.
• There are probably “rogue” files on somewhere on your WordPress install that need to be deleted.
• Existing WordPress files may be altered with encrypted code added.
• There might be duped admin accounts on your WordPress install as well that need to be removed.

If you have any other information, please leave a comment below. I’ll update this post with new information periodically.

Related posts:

1. Optimizing WordPress for Search Engines
2. WordPress Security Alert – Vulnerability in 2.3.3
3. How to install a WordPress plugin