WordPress DIY – How To Check For Spam Links After Being Attacked by Hackers!

About a month ago, some of my blogs got hacked BAD, they were FILLED with porn spam links.  Of course, it took me awhile to realize that it was actually a WordPress security hole.  I complained to WordPress people via Twitter but they told me WordPress was secure.

Anyway, today I heard that WordPress announced that WordPress has security holes, meaning if you don’t use the latest versions, you are susceptible to worms that will take over your admin privileges and possibly do nasty things like put spam links all over your older blog posts.

I actually did a complete analysis on how hackers were doing it and indeed it’s all “automated” and they try to fill your older blog posts with spam links so they will go unnoticed if unless you check your last year’s blog posts.

You will need this simple code to see if they have injected any hidden spam links in your blog posts, just in case your blog got hacked.

Hackers will use “display:none” to “hide” their links from the browser so here’s the code you can download and save as “check.php”.

Change the DB name and password to yours.  Then run it by opening the browser and pointing to check.php file or better, you can run it from linux command line if you are on dedicated servers like me.

The code here will simply to find any “display:none” and count how many there are.  If you find zero, you should be okay but if you find like more than 10, you might want to dig into your database.

I also have the code for automatically getting rid of these spam links.  One of my blogs had like 3,000 spam links so…  If you want it, I will post it, just leave a comment.

This is the code but don’t copy and paste this as it won’t copy and paste right, use the text file I provided in the above link!



$con=mysql_connect(‘localhost’,$dbname,’$dbpass’) or die (‘Error connecting’);

$select=”select count(*)  FROM $dbname.wp_posts WHERE `post_content` LIKE ‘%display:none%'”;


$query = mysql_query($select,$con);

echo “COUNT:”.$count;


2 Responses to WordPress DIY – How To Check For Spam Links After Being Attacked by Hackers!

  1. Dave says:

    You mentioned in your post that you did an analysis on the current worm. I'm trying to protect our WordPress installation without upgrading (we are testing our code against the new upgrade but it will be a while before that's finished) and I'm looking for information about the user-agent, IP address ranges, request strings or anything else that can be used to detect and block the worm until we are able to upgrade.

    Could you post the information you used to do your analysis ?

    Feel free to email me if you would prefer.

  2. zedomax says:

    It's register/login related. If you don't need user login, disable that and also make the login registration page itself double passworded, you can do this with .htaccess file like this:


    That probably can't be hacked.

Leave a Reply

Your email address will not be published.

Check out more interesting categories: Blog, DIY, Hack, HOWTO, security, technology, Web, Wordpress.

Related News and Resources