We will explain how to deal with spam indexing, a common symptom of recent WordPress tampering, in which pages that you do not remember creating are caught in the search results.
Spam indexing, in which a large number of pages you don’t remember appear in search results
If one day, when you search for your company or site, a large number of e-commerce product pages that you do not recognize appear in the search results, you may have been the victim of a hacking attack called spam indexing.
First, please make sure that the unauthorized search results are directed within your site’s domain.
If not all of the malformed search results are in your site’s domain, then the WordPress that is being tampered with may be a site run by someone else.
However, if it is linked to your domain, it is more likely that your site has been tampered with in order to hook the search engines to the malformed page.
How is spam indexing accomplished?
Spam indexing, in which pages you don’t remember creating are trapped in search results, is often caused by a site being tampered with in two ways.
1 Incorrect pages or URLs have been written into the sitemap distributed by WordPress or by a plugin.
There are two types of sitemaps, those generated by WordPress and those generated by plug-ins, and in most cases, they are distributed with either of the following two URLs.
https://YourSiteURL/sitemap.xml https://YourSiteURL/wp-sitemap.xml
2 The actual illegal page is written to the server.
In this case, a large number of HTML files with the name Fox 404,Fox or a random string folder with a hyphenated name are often written to the server.
Examples of invalid file names
/hYuj67/somename-somename-somename.htm
Get rid of spam indexing
After backing up the site, it is necessary to investigate the programming file that is rewriting the sitemap and remove the malicious code, and if the malicious page is hosted on the server, it is necessary to delete the entire folder.
Because of the variety of these folders and files and their changing locations, it is often difficult to detect them visually.
Examples of files that are often tampered with
wp-config.php index.php Theme functions.php
Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].
In some cases, you may be able to detect and remove the malware by
We would appreciate it if you could try this.
When do malicious pages disappear from search results?
Even if we remove the tampering from your site, we cannot remove it from the search results because only the search engine operators can correct the information.
First, make sure that the malicious page in the search results is 404’d on your site and disappears from the server after the link is clicked.
The search engine will then automatically crawl your site again to confirm that the page is no longer there, and the malicious page will gradually disappear from the search results.
You may be able to speed up the crawling process by submitting a sitemap from the Google Search Console with the malicious pages removed and having the pages checked, but if there are a large number of malicious pages, it may take a month or so for all the malicious pages to disappear from the search results. However, if there are a large number of invalid pages, it may take about a month for all the invalid pages to disappear from search results.