We have been consulted about a new type of malware that hooks the search results of site searches in WordPress to search engines, and here is a case study of it.


Registering WordPress search results to search engines without permission

WordPress outputs the search query in the page, so no matter what string of characters you search for, the query will appear in the site’s pages.

A type of malware called an SEO hack has been discovered, which is a method of outputting this arbitrary string on an arbitrary site and hooking that page into the search results.

Check for rogue pages in the search results.

If a large number of such malicious pages are registered in the search results, your company’s pages that users originally want to visit may appear at the bottom of the search results.
This will prevent users from accessing legitimate pages.

First, check to see if your company’s site is registered with search engines for such illegal pages.
A Google search using the following query will show all pages registered with search engines for that domain.

site:The domain of the site you want to check

What if a large number of invalid pages are registered in the search results?

Check your site for malware infections with the WordPress malware scanning plugin.

Free] WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].

Prohibit Google from displaying WordPress search results pages in search results.

You can also use meta tags to prohibit search engines from displaying WordPress search results pages in their search results.

The following code can be included in your theme’s Functions.php to prohibit search engines from registering WordPress search results by outputting a noindex meta tag.

// Do not register search results with search engines
function noindex_searchresult(){
    if( is_search()){
        echo '';'
    }
}
add_action('wp_head','noindex_searchresult', 3 );

This meta tag is only recognized by search engines when they crawl the page again. Therefore, it is not guaranteed that search engines will immediately exclude invalid search result pages.

We recommend that you consult a specialist for WordPress malware removal or if you are seeing malicious pages in the search results.

Related Posts:

  1. What is Japanese SEO Spam, a type of WordPress malware?
    We will explain about Japanese SEO Spam, which is a malware that embeds fake Japanese product sites in WordPress....
  2. WordPress, dealing with spam indexing, where pages you don’t remember creating get caught in search results.
    We will explain how to deal with spam indexing, a common symptom of recent WordPress tampering, in which pages that you do not remember creating are caught in the search results....
  3. WordPress site defacement hacking for SEO purposes. what is SEO spam?
    The most common type of WordPress tampering these days is the hacking of WordPress sites for SEO purposes. We will explain this SEO spam....
  4. How Hackers Discover Your WordPress Site Dork
    It is dangerous to run a WordPress site and think that it will not be targeted because of low traffic. We will explain why low traffic does not necessarily mean that your site will not be hacked....
  5. What to do when a WordPress site displays a red screen saying “This site may cause damage to your computer.
    This section explains how site operators can deal with a red screen on a WordPress site that says “This site may cause damage to your computer....
  6. What is a WordPress injection attack?
    There are various methods by which WordPress can be hacked, the most common of which is called an injection attack. This section describes these injection attacks....