How to find hacked WordPress pages containing spam

1 Views

No sooner is my website fully functional that it gets hacked. If you do a Google search with the link below, the results show spam keywords in the pages throughout such as “casino”, “blackjack”, “slot”, “deposit”, etc. But if I look through the pages, I don’t see any of the spam.

Here is the Google search result:
https://www.google.ca/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=site%3Arichardrosenman.com%20richard%20rosenman

Read More

I am not very advanced with WordPress or PHP and I have tried searching. Can anyone help me figure out where it was hacked and how I can clean and protect it?

Post Views: 1

Related posts

Leave a Reply

2 comments

  1. Since ‘social.png’ is included and there are spam keywords you probably are experiencing a CryptoPHP hack. There’s much to find about it (in combination with WordPress) and, fortunately, how to clear it.

  2. Same happend with one of my client, he has only 15 posts in backend but google shows some wierd keywords and post which is crawed. To check this kind of posts/pages you have to look in the database. wp_posts table holds all the custom post types, pages etc, and display only the post that has publish status in post_status section.

    To retrive all the published pages or post use the following query. 

    // will display all posts/pages etc.
SELECT * FROM `wp_posts` WHERE `post_status` = "publish" 

// Display only Pages
SELECT * FROM `wp_posts` WHERE `post_status` = "publish" and `post_type` = "page"

// Display only posts
SELECT * FROM `wp_posts` WHERE `post_status` = "publish" and `post_type` = "post"

    Now you know how to filter data, every record from this filtered data has a column post_author that holds the ID of the user that published that post/page.

    Go to the wp_users table and check your user_login name and get the ID of your administrator account. And again filter the run a query in wp_posts table to filter the anonymous users data. 

    // Make sure you have only one administrator, replace 1 with your user id
SELECT * FROM `wp_posts` WHERE `post_author` not in (1)

// If you have multiple administrator then use the following, replace 1,5,6 with admin ID's
SELECT * FROM `wp_posts` WHERE `post_author` not in (1,5,6)

    And final step is to delete that.

    Important: Before Apply this action make sure to take backup first, so just in case you can retrive that data later.

    Hope this help you.