It all started with a bandwidth problem…
A friend of mine has a small WordPress blog that gets around 250 unique visitors per month. In August 2008, her bandwidth usage suddenly went from around 200 MB per month to 2 GB per month.
After doing some research, we realized that someone had managed to inject spam links and hide them using display:none. These links were not visible:
- when editing posts and pages within WordPress
- when viewing the pages in a browser
But they were certainly visible in the source code of all her blog’s pages. When we did a “View source” on her pages, this hidden spam looked like this:
<u style="display:none"> (followed by spam links)
But it didn’t include just one spam link. It included hundreds if not thousands of spam links. So every time someone viewed one of her blog’s pages, a lot of bandwidth was used, making her bandwidth usage go through the roof on the 15th of every month. In the long run, this could also have had an impact on her rankings in search engine result pages.
Removing the hidden spam
In her case, the spam links had been injected in the footer of her design. If you think you may have the same problem, view your website in a browser and check out the source code (“View” > “Source”). If you see spam (probably near the bottom), log in to your WordPress account and go to “Design” > “Theme Editor” and “Footer”. If there is spam, delete it and update the file (if it is editable).
If it’s not there, it may be in another one of your design pages or in the posts themselves. Indeed, I had the same problem with an earlier version of WordPress, but in my case the spam was in each post and was visible within WordPress. So I had to go into each post and remove it.
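The "View source" check described above can be automated. The script below is an added example, not part of the original post: it parses saved page source and lists every link nested inside an element hidden with an inline style, as in the footer injection described here. The function names, the sample markup and the spam-one.example / spam-two.example addresses are made up for illustration.

```python
from html.parser import HTMLParser
import re
import sys

# Inline styles only: hiding done through a CSS class or an external stylesheet is not detected.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link", "area", "base", "col", "wbr"}

class HiddenLinkFinder(HTMLParser):
    """Collects the href of every <a> that sits inside an inline-hidden element."""
    def __init__(self):
        super().__init__()
        self.stack = []          # (tag, hidden?) for each currently open element
        self.hidden_links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        inherited = self.stack[-1][1] if self.stack else False
        hidden = inherited or bool(HIDDEN.search(attrs.get("style") or ""))
        if tag == "a" and hidden and attrs.get("href"):
            self.hidden_links.append(attrs["href"])
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag so unclosed <p>/<li> do not skew nesting.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_links(html):
    """Return the list of link targets that a browser would not display."""
    parser = HiddenLinkFinder()
    parser.feed(html)
    parser.close()
    return parser.hidden_links

# Constructed sample: a theme footer with an injected hidden block.
SAMPLE = (
    '<div id="footer"><p>Powered by <a href="http://wordpress.org/">WordPress</a></p>\n'
    '<u style="display:none"><a href="http://spam-one.example/">link one</a> '
    '<a href="http://spam-two.example/">link two</a></u>\n</div>'
)

if __name__ == "__main__":
    pages = {p: open(p, encoding="utf-8", errors="replace").read() for p in sys.argv[1:]}
    for name, html in (pages or {"SAMPLE": SAMPLE}).items():
        print(name, len(find_hidden_links(html)), "hidden link(s)")
```

Run it on the saved "View source" output of a few pages (home page, a single post, an archive page); any non-zero count points to markup worth inspecting in the theme files or the posts.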
Preventing the hidden spam
Here are a few tips to prevent the hidden spam:
- Upgrade to WordPress 2.6
- Make the design files in the theme editor non-editable (CHMOD 644). By default, the design files should be non-editable, meaning you should not be able to edit them from within WordPress. If they are editable, it probably means you made them editable using an FTP client, in which case you should revert these files to 644.
- Install the WordPress plug-in Bad Behavior. It is quite good at stopping automated spam bots.
Feel free to comment below if you have had similar problems and have any questions or tips to offer.
