September 13, 2014

WordPress based website tagged as hacked or infected?

WordPress based website tagged as hacked or infected?

Is this your problem too?
Your theme is behaving odd when you inject a parameter to your URLs like ?p=something. Every time your site is giving response on anonymous query string too, although it should deny them. By this, spamming requests are being entertained, and Google is repetitively sniffing your stuff and tagging you as hacked or infected.

There could be 3 Reasons:

  1. Your .htaccess file is not properly managed for such unexpected errors and error handling.
  2. Your theme is not parameters specific.
    If you are using pretty permalinks, then it should simply deny parameter “p” with non-numeric values. But it is accepting
    discount-ugg-lynnea-008521.html and all kind of query strings which is leading to injection through query string.
  3. A number of security plugins are installed but not configured properly so attacks are still welcomed.

Lets have a deep look in it:
As it has nothing to do with Error 404 else the error 404 is already implemented.
e.g. (will give 404)
There are 3 identities

  1. Pages
  2. Posts
  3. Pages & Posts with parameters

First two items can manage unknown requests with error 404

But when you will pass them a query string, that will give you a new page with same content. Google always mind the repetitions if you are not informing that its the same page and further parameters are its children.

Suggested Solution:

  1. Theme will be inspected as whole and such anonymous requests will be redirected to error 404.
  2. A list of white list parameters will be established by studying whole theme to keep the existing functionality working.
  3. .htaccess will be modified for pretty permalinks so only existing content will be queried not the anonymous
  4. Indexed URLs will be removed from webmaster tool
    1. By putting no-index in robots.txt (temporarily)
    2. By using Google webmaster tool
Last updated: September 14, 2014