I have newly installed WordPress copy on my live server but on google search it show
"this site might be hacked "
message under my site link. i have applied the search console verification method of uploading html file into root folder but this error is not gone. checked into Security options tab it shows "content injection" spam issue with my site but i have not found any accurate method to solve that issue .
Carefully follow FAQ - My Site Was Hacked - WordPress Codex.
Then take a look at the recommended security measures in Hardening WordPress - WordPress Codex and Brute Force Attacks - WordPress Codex
Change all passwords. Scan your own PC. Tell your web host you got hacked; and consider changing to a more secure host: Recommended WordPress Web Hosting
You might find this page valuable, it seems to be talk specifically to the problem you are referring to with the warning: How to Remove Google Blacklist Warnings
This warning seems to be specific to SEO spam. From what I understand there are many different things that might be contributing to this. I think if you do a Fetch as Google via the console you should see exactly what Google is seeing. These Sercuri folks seem to have another guide that might help you too: How to Clean a WordPress Hack
Good luck, keep us posted
Related
I got an email this morning from google search console about 'Social Engineering Content Detected on Your Site' and they link the sent is something like this http://****.co[.]uk/~bettingb/
The website is WordPress website and I searched for the link in my files and database and I only found it in wordfence table wp_wfHits.
Is it possible that google crawled that link from this table?
is this something serious?
Any advice?
Before you act upon cjmling's advice, wp_wfHits is a legitimate table created by Wordfence (a security plugin).
As shown here
The fact that it is in this table means that Wordfence has noticed it, which is exactly what you want. I cannot imagine that this is the only place in the database that has this but it may be encoded elsewhere.
The other thing is that Wordfence may have already cleaned up the issue between Google spotting it and you looking into it. I would let Search Console run again and see if it is found again.
DO NOT think that your site has been fully compromised, change any admin passwords but you'll probably find that it was stuff added as a comment to a post (usual WordPress "hack")
Also, if you really want to be secure, change the database prefix (Wordfence I think has this option out the box) which means you are then not using the standard "wp_" prefix and you can spot things easier!
I'm a new WordPress designer. My site runs Tesseract Theme and is built with Beaver Builder.
PROBLEM: When I post my website (https://louiseclark.tech) on Facebook it removed my site after a couple minutes. Now when I try to post my site it gives me this message--> It looks like a link you're sharing might be unsafe. If you can, please remove this link: louiseclark.tech Note: The unsafe link might be on the page you’re linking to.
What I've done to try and resolve:
When I ran my site through the Facebook debugger I got this message:
The 'fb:app_id' property should be explicitly provided, Specify the app ID so that stories shared to Facebook will be properly attributed to the app. Alternatively, app_id can be set in url when open the share dialog.
I created an app id following this instructional video: https://www.youtube.com/watch?v=V97h03H21y0
I pasted my app id into my Yoast SEO plugin under the Facebook category.
Check my Google Webmaster Tools Sitemap...all is verified and sitemap set.
SSL certificate is set - checked with my hosting company SiteGround. When I asked them about this problem they didn't really feel that the security issues where from their side.
I've reported this problem to the black hole that is Facebook support.
Thank you for any insight.
In case anyone sees this thread, I found the solution.
When I moved my WordPress sites to managed WordPress hosting I also migrated my websites to https with the SSL certificates. While the pages were migrated and displaying the https just fine, the images still held their old url (http).
I did two things:
I installed SSL Content Fixer plugin. This worked for some images but not others.
I installed Better Search Replace plugin. I had found the specific insecure images using Firefox. From my page in Firefox, I went to:
Tools -> Page Info -> Media This showed me every image/js/css call on this page. Finding these images allowed me to use the plugin to make the changes.
It worked. I'm quite sure knowing how to code my site would be much better in this situation. But I'm a newbie and this is what I could come up with.
What I learned: It's a flag when you have a secure site that embeds non secure objects/images.
Two days ago we posted a new blog on a site with the aim of being picked up for the search term "live comedy in chippenham". It’s been indexed by Google and we’re now 2nd in the results for the search query. The bad news is that for some reason the post has been indexed as a https URL so all browsers give a warning when the link is clicked.
Firefox gives this error:
The owner of www.neeld.co.uk has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
The host has confirmed that it's not a server config error and we have other posts and pages on the site that are being indexed correctly. We're using WordPress and the Yoast plugin. I can't see anywhere in Webmaster Tools that could be causing the problem.
Can anyone offer any advice please? If you search Google for "live comedy in chippenham" you'll see the issue (it's the link https://www.neeld.co.uk/live-comedy-in-chippenham/)?
It's a really strange one but something I've experienced before.
It has mostly likely been caused by an external link to the page using https protocol which Google has followed before indexing the page. Google are very keen to index https pages at the moment so we might start seeing this kind of issue more often.
There's not a lot you can do other than wait for Google to realise their mistake and list the correct URL in the SERPS. You can help speed this along with a canonical link (which I can see is there), XML sitemap (which you've got) and a server level redirect of https to http.
Do not try to remove the page in Webmaster Tools as this won't have the desired effect and will stop Google reindexing the page properly.
Hope this helps.
I just want to start of by saying that I'm a complete noob when it comes to programing, and don't have a lot of experience with HTML or CSS. I know this place is a bit more advanced and geared mainly for programmers and developers, but the only reason I come here is because I couldn't find an answer in any of the other forums. I don't know if I can solve my problem by editing the CSS file in wordpress, but I'm hoping that some of you can chime in and let me know. The problem I have in a nutshell is that when I post a link of my blog to facebook, facebook doesn't generate the correct data or show any image preview. Here's the post I submitted at the wordpress forum:
I just got a new website, and setup a new wordpress blog on their server. It took a while, but everything is up and running for the most part. I am however, having a really hard time getting any of my post preview to show up when linking to facebook. My website is http://www.limonphotography.com/blog. When I run the same link through facebook's debugger, I get the following error sometimes:
Could Not Follow Redirect Path: Using data from .http://www.limonphotography.com/blog/ because there was an error following the redirect path.
Circular Redirect Path: Circular redirect path detected (see 'Redirect Path' section for details).
Could Not Follow Redirect: URL requested a HTTP redirect, but it could not be followed.
My wordpress URL is :http://limonphotography.com/blog but I made the site URL pointing to :http://www.limonphotography.com/blog since it's easier. Original blog is hosted with the site I have my hosting with, so the original WordPress is at http://mukul12031.c4.cmdwebsites.com/blog. Can anyone tell me why I am getting these errors, or why the preview is not showing up?
Again, I apologize if this is too simple of a questions, but I just can't figure it out on my own. If anyone can help me, I would be very grateful. Thanks a lot.
My advice would be to try appending a trailing slash to your og:url tag (example: "http://mysite.com/"). Sounds stupid, I know, but it's worked for some
Another thread on this issue has yielded the following information, courtesy of Lizzbizz on this Wordpress Support thread:
"From what I can tell, this turned out to be a problem with GoDaddy
hosting services. They were applying a 302 Redirect Filter to the
server that was hosting my domain and it caused the problems. After I
emailed them a few times they finally fixed it. Try googling "GoDaddy
302 Redirect Problem" and you will see lots of other posts!
If you are not getting the 302 problem, but just have trouble getting
the image or description to appear when you share a link on Facebook,
you can use one of the WP plugins for Open Graph data like Simple
Facebook Connect or Facebook Open Graph Meta in WordPress and that
should fix it!"
An issue was brought to me involving malware on a WP environment. When I search the brand in Google and click the corresponding link, I'm redirected to a 3rd party spam site.
This has been happening for a while (over a week), but my site hasn't been put on Google's blacklist. Additionally, site scanners like , Norton Safeweb, etc. all claim the site isn't compromised.
Additional details:
I found and deleted some suspicious PHP eval() functions and then did a search and replace in my pages and database for any remaining code. After the site cleared into un-blacklisted status with Google I thought it was all over, ran updates and took numerous measures to protect the site from future infection.
However the issue still persists.
Were the nameservers ever changed by the malware or attackers? Google could have the wrong DNS information for your domain and thinks its hosted at said spam site? Resubmit your site to Google or report the issue to them to resolve (may also be resolved automatically next time Google tries to crawl your domain)?
It is a strange issue I have not seen before either, have you looked at your .htaccess file in the root directory? It is also possible that this has a rewrite condition that if the referrer is Google to redirect you to the spam site.
Solved this issue. At the time when this happened, this redirect attack was fairly new.
HTTP requests from visitors who passed referrer data from Google Search or Bing were being redirected, some of the time.
By targeting only those coming in from search, the webmaster or site owner is less likely to see the issue (until informed by a third party), while still manipulating a decent amount of the traffic (50% of traffic for most sites comes from search engines).
When I originally posted this question in 2012, this attack was new and because the redirect was being served server-side (directly in a lone PHP file, not via .htaccess), malware signatures from scanners didn't detect this.
Running Maldetect (with an updated database) was the best way to quarantine this issue and analyze the extent of the damage caused by malware.
This issue seems due to wp-vcd Malware that creates rogue WordPress admin users and injected spam links. I faced the similar issue and it got resolved after following these steps.
The files you should check for and delete:
wp-feed.php
wp-vcd.php
wp-tmp.php
Multiple copies of class.theme-modules.php, and
remove a bunch of code from the start of all the functions.php files.
For details you can find on this issue at following links...
https://wordpress.org/support/topic/wp-feed-php/
http://labs.sucuri.net/?note=2017-11-13
http://labs.sucuri.net/?note=2017-11-13