Results 1 to 3 of 3
  1. #1
    Join Date
    January 17th, 2005
    Upstate SC
    Nasty Hidden Exploits - Wordpress Users READ
    I host a couple of WP blogs for friends, one came over today and as I was working on it, I grabbed the source for one of the pages. It had a TON of links in the source. They were all in a hidden div. A couple thousand links using style='display:none'. Attached partial screenshot of links injection text.

    They were injected into the header include, which I easily deleted. I decided to check other blogs and didn't have any problems. However after researching the problem, there are other variations that cloak the source - only visible to googlebot. These are very nasty.

    Checking the Google cache of one of my other blogs, then clicking the text only link, I see several hundred links in the cache at the bottom of the page. This is NOT in the source on my pageviews, and is handled by hacks in the db and plugins. Major garbage here, and I had no idea. Image of the google cache, text only showing what is after my footer, attached.

    These are older versions of wordpress, so the latest updates may be immune, but you may want to check anyway. Check your source and check the text-only version of Google's cache on your home page and a couple posts.

    This site has some useful info and links on removing:

    But note, you won't see the hidden div links like were placed in the header this way. You have to check the source code too.

    Check your blogs and keep your WP up to date.
    Attached Images Attached Images
    [url=]Drastic Tactics[/url] - Performance Marketing Since 1998

  2. #2
    15 years and counting
    Join Date
    January 18th, 2005
    I've the latest versions 2.6 and 2.61 and I've the same problems. You have to check your code very often and not only the header. As soon as your blog has some decent traffic you're the target of these hackers. Check for iframe injection in your posts, too. Also, they can take over your xml site map. Check it quite often. For that, Google Webmaster tools are quite helpful. Google can detect these problems and warn you before it's too late.

  3. #3
    ABW Ambassador ladidah's Avatar
    Join Date
    October 14th, 2007
    Sheesh yet another thing to worry about with WP.

    Thanks for the heads up.

    I sometimes wonder if I should just go back to html or find another cms. Those darn hackers.

  4. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. The Nasty Gals Only Sale at Nasty Gal - 25% OFF
    By JCrooks - AffiliateWindow in forum Promotions, Sales, and Coupons on Affiliate Window
    Replies: 0
    Last Post: October 25th, 2013, 02:10 PM
  2. Google employees convicted for content uploaded by users...interesting read.
    By PDXreader in forum Search Engine Optimization
    Replies: 5
    Last Post: February 24th, 2010, 07:46 PM
  3. Hidden backend sales and Hidden OTO costs
    By Stratplayer1 in forum Midnight Cafe'
    Replies: 9
    Last Post: October 13th, 2008, 12:25 PM
  4. Another tip for Wordpress users
    By Zeus in forum ShareASale - SAS
    Replies: 6
    Last Post: August 17th, 2008, 02:24 AM
  5. Replies: 4
    Last Post: August 16th, 2008, 10:41 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts