Spamming in WordPress platform
How To Fix the Spamming in WordPress?
Be careful while selecting any free Premium WordPress Themes because the theme can be no doubt free but you don’t know if it’s spam- or script-free too. Else you too will have to invest your time in researching the reasons like me or recovering your losses due to these scam scripts. In most cases, spam scripts are always there if you get a premium theme or plugin from the internet for free.
So, next time if you get any premium theme or plugins from the Internet for free make sure it is spam-, script-free. Otherwise, you have to pay much more than the original cost of the themes and plugins. As in the traditional way you check the theme with your anti-virus software and get a green signal “No Virus Detected”. So you stop here and get it, but the reality is some spam scripts are not detected by anti-virus, google webmaster tools, or any WordPress security plugin.
Here is an example: I got an amazing impressive theme used by labnol for free. And the offer for me no doubt was like a “BUMPER PRIZE”. I tested it with anti-virus and Google fetch and it showed no error and according to me, I became a saver by saving $200. I was really happy with the theme and was using it over my official website. But after one month I realized that my traffic decreased by 80% !!! This was the time when I was to search for the reasons. Why is my traffic drowning at such a drastic rate…?
If you are facing a similar kind of problem as above, do not worry. This tutorial will tell you how to find and fix the spam scripts in your theme or plugin.
Types of spam scripts in themes
Scam Script implementation can be done in several ways.
- Some spam scripts are placed inside the theme or plugin for traffic and back link .
- Other scripts can take control of your site and these are more dangerous as it can destroy your website or blog. Two ways how hackers place these scam scripts:
Finding and removing spam script in WordPress themes and plugins, here's how:
- Firstly, open your IDE. I choose Notepad++ because of its light.
- Next, go to search and click the “Find in files” menu.
- Now Find in files Box will be open in Find What enter the keyword eval.
- Now choose your theme or plugin directory.
- After that, click on find all.
- If the result comes click on the link in the result bar. You will see the encrypted line.
- Lastly, remove it.
Curl is a computer software project providing a library and command-line tool for transferring data using various protocolscurl has no use in your WordPress theme. Although some SEO plugins use curl for making a connection with a remote server. This method without a doubt will remove the encrypted script but my recommendation is that you use genuine plugins and themes. Hope this helped you solve the Spamming issues in WordPress CMS.
To all WordPress platform users and administrators
Please be aware: Dear valued customers, our security team found that there is a high number of cases reported on Spamming from WordPress platform users. After further investigation and analysis of the reported cases, they found that the spammer is targeting WordPress core files, which is “/wp-includes/” folder as well as other Core WP folder: “/wp-content” and “/wp-admin”. The best way is to remove all the existing files from the hosting space and download the latest version directly from the WordPress website. It is not recommended to re-install using 3rd party clients, such as Softaculous or RVSiteBuilder, or any other similar applications.