AntiVirus For WordPress Detects Mischief

I have several blogs under my management, each of which is underpinned by WordPress (WP), the content management system. I have extolled the virtues of WP for several years now, glad that I abandoned Blogger for this particular arrangement.

But, WP isn’t without its share of problems, most notably its vulnerability to being exploited. Many of the updates accomplished over the past few years were rushed into place when a security issue was suddenly uncovered. A quick patch and your WP was updated; your blog safe as long as you took security problems seriously and uploaded the changes.

Google SERPs

Recently, I uncovered a problem with one of my blogs that would not have been discovered had I not stumbled upon it in the first place. It seems that some of the descriptions in Google’s SERPs had been changed from article snippets to describe porn terms.

If you are not sure what I mean, do a site search (site:yoursite.com) to see the two-three line description of what your articles are about. That description should match the article, but in the case of this website some of the filthiest terminology has replaced what should be there. Yes, you have to add a dirty word to find out if your SERPs have been hacked, but include the word porn and you’ll know for sure (site:yoursite.com porn).

Frantic, I began to search the internet for answers but found very little support. Google’s site, as usual, wasn’t much help as they explained that such descriptions are generated from the website. Which got me thinking: could there be a bit of malicious code embedded in that blog? Might that code be messing with the SERPs?

AntiVirus Plug-in

Cutting to the chase, I turned to the AntiVirus For WordPress plug-in developed by Sergej Müller for help, thinking that a rogue comment got through. Turns out that my comment files were fine, but the plug-in turned up a problem with coding in the sidebar. Specifically, “AntiVirus” scans through your WordPress theme to detect problems and it was the sidebar.php file that was shown to be infected.

Isolating the problem, I discovered that a script used to rotate ads was infected. This script was built by a web designer so we removed it (from my client’s blog) and ran the virus check again—all clean. My client will work with his designer to make sure that the replacement code passes muster.

The SERPs still reflect the other junk, but I’m sure within a few days the site the problem will pass when Google Bot crawls the site. Thankfully, most visitors wouldn’t see the problem in the first place and, if they should click on the description, they’d still be able to see the blog’s pages as normal.

Whacking Mischief

Still, who wants to have their site associated with porn? Plus, you have to wonder if such mischief would eventually cause your pages to sandboxed by the search engines. Ouch.