Learn about sitemap injection, in which an attacker registers pages that are not yours under your WordPress site in Google's search results without your permission, and how to deal with it.


Damage caused by sitemap injection

A sitemap is an XML file that tells search engines which pages exist on your site so they can be crawled and indexed.

The location of the sitemap is usually declared in a file called robots.txt at the root of the site:

User-agent: *
Sitemap: http://yoursiteurl/sitemap.xml

If an attacker breaks into your site, replaces this sitemap (or drops an extra one) and then adds a Sitemap line to robots.txt pointing at it, as above, search engines will read the attacker's sitemap and register its pages in their results under your domain.

This contaminates your site's search results. The ranking of your genuine pages may drop, traffic may fall sharply because users no longer reach the pages they were looking for, and your reputation suffers if users who land on the injected pages download malware or have personal information stolen.

Malware that illegally creates sitemaps and registers them with search engines

Sitemap-creating malware can exist as a stand-alone malicious PHP file on the server, or it can be appended to legitimate theme or plugin files.

In many cases the code carries out a three-step routine:

1. Build a list of the URLs it wants indexed (typically spam or phishing pages that only exist when the malware serves them).
2. Write a sitemap containing that list into the web root or a writable directory such as uploads.
3. Make search engines read it, usually by adding a Sitemap directive to robots.txt or by creating a robots.txt that did not exist before.

If your site's search results contain many pages you did not publish, you need to find and remove the script that has been planted on your server.
The easiest way to do this is to run a comprehensive scan with a malware scanning plug-in and let it remove what it finds. It is also worth reading robots.txt and every sitemap it declares yourself: a Sitemap line you did not add, or sitemap entries for pages that do not exist in WordPress, are direct evidence of tampering.
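The following script is an added example (not code from the original article or from any plugin) that performs the manual check described above for the three artefacts the malware leaves behind: unexpected Sitemap directives in robots.txt, sitemap entries pointing at another host, and sitemap entries for paths the site does not actually publish. The site name, the robots.txt, the sitemap and the list of published paths are all constructed for the example; on a real install you would fetch robots.txt and each declared sitemap from the server and build the known-path set from the WordPress permalinks.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Hypothetical site; every input below is constructed for this example.
SITE_HOST = "example.com"
EXPECTED_SITEMAPS = {"https://example.com/sitemap.xml"}

# Paths the site really publishes. On a live WordPress install you would
# build this set from the permalinks in the database; here it is hard-coded.
KNOWN_PATHS = {"/", "/about/", "/blog/", "/contact/"}

# Constructed robots.txt: the second Sitemap line is the kind an attacker adds.
ROBOTS_TXT = """User-agent: *
Disallow: /wp-admin/
Sitemap: https://example.com/sitemap.xml
sitemap: https://example.com/wp-content/uploads/2023/sitemap-index.xml
"""

# Constructed sitemap: two legitimate entries followed by two injected ones.
SITEMAP_XML = """<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.com/</loc></url>
  <url><loc>https://example.com/about/</loc></url>
  <url><loc>https://example.com/cheap-brand-watches-outlet-2023/</loc></url>
  <url><loc>https://promo-redirect.example.net/landing/</loc></url>
</urlset>
"""


def sitemap_directives(robots_text):
    """Return every URL declared by a Sitemap: line (the directive is case-insensitive)."""
    urls = []
    for line in robots_text.splitlines():
        m = re.match(r"^\s*sitemap\s*:\s*(\S+)", line, re.IGNORECASE)
        if m:
            urls.append(m.group(1))
    return urls


def unexpected_sitemaps(robots_text, expected=EXPECTED_SITEMAPS):
    """Sitemap declarations other than the one(s) the site owner configured."""
    return [u for u in sitemap_directives(robots_text) if u not in expected]


def sitemap_locs(xml_text):
    """Extract <loc> values, tolerating the sitemap namespace or none at all."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    return [
        el.text.strip()
        for el in root.iter()
        if (el.tag == "loc" or el.tag.endswith("}loc")) and el.text
    ]


def suspicious_entries(locs, site_host=SITE_HOST, known_paths=KNOWN_PATHS):
    """Flag sitemap URLs that are off-host or that do not match a published path."""
    findings = []
    for url in locs:
        parsed = urlparse(url)
        if parsed.hostname != site_host:
            findings.append((url, "points to another host"))
        elif parsed.path not in known_paths:
            findings.append((url, "path is not a published page"))
    return findings


def audit(robots_text=ROBOTS_TXT, sitemap_xml=SITEMAP_XML):
    """Run both checks; any non-empty list is something to investigate by hand."""
    return {
        "unexpected_sitemaps": unexpected_sitemaps(robots_text),
        "suspicious_urls": suspicious_entries(sitemap_locs(sitemap_xml)),
    }


if __name__ == "__main__":
    for key, items in audit().items():
        print(f"{key}:")
        for item in items:
            print("  ", item)
```

The "path is not a published page" check is the useful one for sitemap injection: the injected URLs are usually served by the malware itself, so they never appear as posts or pages in the WordPress admin even though they return 200 to a crawler. Any sitemap found in a writable directory such as wp-content/uploads, rather than where your SEO plugin generates it, deserves the same scrutiny.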

Free WordPress: Malware Scan & Security Plugin [Malware and Virus Detection and Removal]

WordPress malware is re-obfuscated frequently, sometimes daily, to evade signature-based scans. If the plug-in above does not remove the malware, we recommend that you consult a specialist.

Search results will not be restored immediately after removal of sitemap injection malware.

Removing the malicious script responsible for the sitemap tampering, and the tampered sitemap and robots.txt themselves, does not immediately clean up the search results.

This is because search engines will not drop the injected pages from their results until they re-read your site's sitemap and re-crawl the server, confirming that those pages no longer exist. Resubmitting the clean sitemap in Google Search Console helps prompt that re-crawl.

In our experience, it can take up to a month or so for the contamination of the search results to be all but eliminated.

It is also important to plug vulnerabilities on your site after malware removal!

If a malicious sitemap was hosted on the server, an attacker had write access to your files. That means the site has a weakness that let them in, such as an outdated plugin or theme, a vulnerable file upload, or stolen or weak credentials.

If this weakness is not fixed, the infection will simply be repeated.
Whenever you clean up malware, be sure to close the hole it came through (updates, credential resets, file permission review) in addition to removing the malware itself.

Reference
Five free WordPress security measures