: Google indexing the home page multiple times with spammy and trademarked parameters I am helping a client figure out some weird URL issue and I am stumped! Google Webmaster tools shows a couple
I am helping a client figure out some weird URL issue and I am stumped! Google Webmaster tools shows a couple of hundred "pages" that essentially don't exist and look pretty spammy, also using wording that is apparently trademarked. We suspected it was a hack, so we cleaned up the site. But the pages are still showing. Some examples of these naughty-looking URLs:
www.example.com/?page=vista-group-payday-loan
www.example.com/index.php?page=us-cash-loan.com
The first link came up with a cease and desist from the trademark owner. The rest came from HTML Improvements area in Google Webmasters as "Short Meta Descriptions."
The pages themselves don't show anything malicious, in fact it just shows the website's home page. The site is built in Wordpress and the pages don't actually exist. We now suspect this was the work of a previous SEO company. But that's about all I have - I can't figure out WHAT it is (keyword ads? link building?). I'm not an SEO expert and my skills are limited, but I thought perhaps you guys may know what the heck these URLs are, and I need to remove them STAT.
More posts by @Gonzalez347
4 Comments
Sorted by latest first Latest Oldest Best
Simply moving your site around to a new ISP or reloading WordPress as a fresh install is usually insufficient to stop a hack like this. Something, somewhere in your site is subject to a remote exploit and/or you're not actually cleaning anything with your attempts. If you have a vulnerable theme or plugin file, the hackers can activate it no matter which host you move to and inject the hack. If you are not actually cleaning anything with your attempts, the hack is still there and dormant.
With a few exceptions, I would not trust an ISP to scan and fix WordPress hacks unless they are pretty obvious file modifications. Remote injections that take advantage of poorly coded plugins can be subtle and hard to deal with. You would be better off doing one of the following steps:
Move your site to a host that provides dedicated WordPress plans that include security monitoring and remediation. These include companies like WPEngine, Pressable, Pagely, and a bunch of others (I have no affiliation with any or all of them). If you have a known-bad plugin or security issue, they will discover it in short order. If not, they will help you close the security issue once you report it on their hosting platform. It's worth the slightly higher hosting cost
Contract with a security service to audit and clean/harden your site. The two I know of that do good work are Sucuri and WordFence. Sucuri's been around longer, WordFence is new to the "clean the hacked site" game but they're good and trying hard to knock Sucuri off the top. So either one would be a good choice for a one-time expenditure to fix this issue that basic steps have yet to fix.
Good luck.
Replace files to default WP files, including wp-admin and wp-includes. Keep wp-config.php file.
Try changing the theme or downloading a new theme zip folder and upload that folder to wp-content/themes delete old theme folder and replace it the new unzipped folder.
Do an audit to all plugin, delete the ones you are not using anymore/outdated
Delete any unauthorized user and duplicated tables in the database.
Do a search LIKE %Search Term% to all database and try to spot the problem inside the database record.
Change Host o Increase WP security via Plugin or Htaccess file.
Regardless of whether you were ever hacked, those links will also be coming from other sites. They don't hack your site only; they hack sites by the thousands (using automated methods which attack known bugs of popular CMS's) and have each site link to each other in a classic link exchange SEO strategy.
So potentially hundreds of other sites also link to these now-gone spam URLs. You can't do anything about that. Because of that, links from other sites to your site are not counted against your site. (just not for it either; so if you enjoyed a temporary unnatural boost, expect it to rollback.)
As long as you make sure your site is clean, the bad URLs serve the same page as without the ?... etc., you will get inquiries for those bad URLs indefinitely, but your site should be ok.
First, check to see that you have actually cleaned up the hack. Even though the pages may look normal to you, malware on websites is often configured to server spam only to Googlebot. Log into Google Search Console and use the "Fetch as Google" feature on those spammy URLs to ensure that Googlebot is seeing the homepage just like you.
If the hack truly is cleaned up, you now have lots of duplication in Google's index. Google should sort it out on its own eventually, however you can help it along. One of the easiest ways is to put a meta link rel canonical tag in each of your pages. The tag on your home page would be:
<link rel="canonical" href="http://www.example.com/">
The tag on a deeper page might be:
<link rel="canonical" href="http://www.example.com/deep-page.html">
That way when Googlebot fetches the home page multiple times at different URLs, it will know that all those are the home page. It will index the preferred canonical URL for the content that you have specified.
Since you are using WordPress, there are many SEO plugins for it that add these canonical tags for you. You would need to search for one and install it.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.