Your Gateway To Digital Success
Wesbytes Blue Logo

Wesbytes Knowledge Base

Search our articles or browse by category below

Spamming in WordPress Platform

Last modified: July 2, 2022
You are here:
Estimated reading time: 2 min

Spamming in WordPress Platform

How to Fix the Spamming in WordPress?

Be careful while selecting any free Premium WordPress Themes because the theme can be no doubt free but you don’t know if it’s spam- or script-free too. Else you too will have to invest your time in researching the reasons like me or recovering your losses due to these scam scripts. In most cases, spam scripts are always there if you get a premium theme or plugin from the internet for free.

Therefore, the next time you get a premium theme or plugin for free from the Internet, be sure it is script- and spam-free. The cost of the themes and plugins must be significantly increased if not. As is customary, you run the theme through your anti-virus programme and receive the message “No Virus Detected” in green. The truth is that not all spam scripts are caught by antivirus software, Google Webmaster Tools, or any WordPress security plugin, so you stop here and acquire it.

Here is an example: I got an amazing impressive theme used by labnol for free. And the offer for me no doubt was like a “BUMPER PRIZE”. I tested it with anti-virus and Google fetch and it showed no error and according to me, I became a saver by saving $200. I was really happy with the theme and was using it over my official website. But after one month I realized that my traffic decreased by 80% !!! This was the time when I was to search for the reasons. Why is my traffic drowning at such a drastic rate…?

If you are facing a similar kind of problem as above, do not worry. This tutorial will tell you how to find and fix the spam scripts in your theme or plugin.

Types of Spam Scripts in Themes

Scam Script implementation can be done in several ways.

  1. Some spam scripts are placed inside the theme or plugin for traffic and back link .
  2. Other scripts can take control of your site and these are more dangerous as it can destroy your website or blog. Two ways how hackers place these scam scripts:
    The hackers place spam scripts in either by javascript code or php code.
Encrypted JavaScript spam script
Encrypted php spam script

Finding and removing spam script in WordPress themes and plugins, here's how:

Well, we need an IDE and there are some choices you can choose from. For example, Notepad++Edit plus, or Eclipse. Whenever you download some suspicious themes or plugins extract them to your desktop. Please do the following steps:

  1. Firstly, open your IDE. I choose Notepad++ because of its light.
  2. Next, go to search and click the “Find in files” menu.
  3. Now Find in files Box will be open in Find What enter the keyword eval.
  4. Now choose your theme or plugin directory.
  5. After that, click on find all.
  6. If the result comes click on the link in the result bar. You will see the encrypted line.
  7. Lastly, remove it.

Keywords curl:

A library and command-line utility for transmitting data using different protocols are provided by the computer software project Curl. In your WordPress theme, scurl serves no purpose. Nevertheless, some SEO plugins link to distant servers using curl. The encrypted script will undoubtedly be removed using this method, however I advise using authentic plugins and themes instead. I hope you were able to resolve the spam concerns with the WordPress CMS using this.

To All WordPress platform users and administrators

Please be aware: Dear valued customers, our security team found that there is a high number of cases reported on Spamming from WordPress platform users. After further investigation and analysis of the reported cases, they found that the spammer is targeting WordPress core files, which is “/wp-includes/” folder as well as other Core WP folder: “/wp-content” and “/wp-admin”. The best way is to remove all the existing files from the hosting space and download the latest version directly from the WordPress website. It is not recommended to re-install using 3rd party clients, such as Softaculous or RVSiteBuilder, or any other similar applications.

Was this article helpful?
Dislike 0
Views: 4