Learn about sitemap injection, which can register incorrect pages from your WordPress site in Google’s search results without your permission, and how to deal with it.


Damage caused by sitemap injection

A sitemap is a mechanism for letting search engines know what pages are on your site.

The location of the sitemap can be indicated in a file called robots.txt

User-agent: *Sitemap: http://yoursiteurl/sitemap.xml

If a hacker breaks into your site and rewrites this sitemap and sets the search engines to read the incorrect sitemap by writing settings in the robots.txt file as shown above, the search engine will register the incorrect page in the search results.

This may cause your site’s search results to be contaminated, which may result in a drop in the ranking of the original page, a drastic decrease in the number of hits because users cannot reach the page they want to reach, or damage to your site if users who access the malicious page download a virus or have their personal information stolen. Users accessing an unauthorized page may download a virus or have their personal information stolen.

Malware that illegally creates sitemaps and registers them with search engines

Sitemap-creating malware can exist as a stand-alone malicious program in a server, or it can be a parasite on legitimate files.

The code for this malware is

1.Create a list of malformed sitemap URLs
2.Create a malicious sitemap with that list
3.Create a configuration to make search engines such as Google read it, or to read it.

In many cases, the program is a three-step activity.

If your site’s search results contain many malicious pages, you need to find and remove this script that has been embedded in your server.
The easiest way to do this is to use a malware scanning plug-in to perform a comprehensive scan and remove it.

Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].

WordPress malware changes its code daily to evade these inspections. If the above plug-ins do not remove the malware, we recommend that you consult a specialist.

Search results will not be restored immediately after removal of sitemap injection malware.

Search results will not be restored immediately after removal of the malicious script (malware) that is responsible for the sitemap tampering and the tampering.

This is because search engines will not remove the malicious pages from the search results until they re-read your site’s sitemap and crawl the server to confirm that the malicious pages are not on the server.

In our experience, it can take up to a month or so for the contamination of the search results to be all but eliminated.

It is also important to plug vulnerabilities on your site after malware removal!

If a malicious sitemap was hosted on the server, it means that the site has a vulnerability that allowed hackers to enter.

If this vulnerability is not plugged, the infection will be repeated.
If you are infected with malware, be sure to take measures to prevent vulnerabilities (security measures) in addition to removing the malware.

Reference
Five free WordPress security measures

Related Posts:

  1. WordPress, dealing with spam indexing, where pages you don’t remember creating get caught in search results.
    We will explain how to deal with spam indexing, a common symptom of recent WordPress tampering, in which pages that you do not remember creating are caught in the search results....
  2. Type of malware that hooks search results of site search in WordPress to search engines.
    We have been consulted about a new type of malware that hooks the search results of site searches in WordPress to search engines, and here is a case study of it....
  3. What if the search console warns me of a large number of non-existent noindexed search result pages on my WordPress site?
    Here is what to do if your WordPress site is being warned by Search Console of a large number of noindexes on non-existent WordPress search results pages....
  4. WordPress Examples of redirect hacks where WordPress WordPress redirects to another site without permission and how to deal with them.
    Recently, there have been an increasing number of cases where sites have been tampered with, redirecting users to a fake Windows virus removal page or PC repair page only when accessing the site via Google. In this issue, we will deliver an explanation of this case and countermeasures....
  5. What is a WordPress injection attack?
    There are various methods by which WordPress can be hacked, the most common of which is called an injection attack. This section describes these injection attacks....
  6. WordPress, content from your site is replaced and displayed in search results.
    If your site’s Google search results show a large number of pages that you do not remember creating, it is possible that your site has been tampered with....