Finding and Removing Spam Links
The WordPress Security Learning Center
Finding and Removing Spam Links

3.4: Finding and Removing Spam Links

Updated September 16, 2019

Spam links are links inserted into a website with the intent of manipulating search engine result pages. The more inbound links a site receives, the higher the placement of the target web site in the search results. Spam links are typically inserted into the database content in plain text, though they can also often be obfuscated (intentionally obscured to make code ambiguous) and inserted into site files.

Determining if your site is infected

Spam links can be inserted in site files or the database, so determining if you site is infected often can be done by a review of your site’s content. Spam links are usually not obfuscated, and they are often visible by looking through the site.

Spam links may be related to any number of highly competitive search niches including:

  • Pharmaceutical sales
  • Essay writing sites
  • Ringtones and music downloads
  • Movie downloads
  • Online casino or gambling
  • Fraudulent/replica designer sales
  • Weight loss supplements or products
  • Adult content

Removing spam links requires analysis of the site’s code and database. First, make a backup of your site’s files and database.

Reviewing files for spam links

Within your site files, spam links are often inserted into theme headers, footers, or within the theme functions. They are typically inserted as just typical hypertext links. They may often be obfuscated by javascript, but typically they are plain text links. Determine which links are not relevant to your site and remove them.

Often spam links will be hidden using styles that hide the links from visibility within the page, such as:

<div style="position: absolute; top: -132px; overflow: auto; width:1259px;">

Reviewing the database for spam links

Removing spam links from the database can be time consuming. Often, spam links will be inserted by a script that changes the links just enough to be different every time. If you have this type of spam link, you will often have thousands of links on your site.

Removing these links: To remove these links, there are a few options. Often, these links are inserted into every post on the site. Scripts can be removed by editing:

  • within the content management system (e.g., via WordPress post editing)
  • via a database tool like PhpMyAdmin which allows for editing more than one page/post at a time.
  • via a downloaded text file locally and uploading the cleaned posts into the database using a SQL management tool. While fastest, this does require a level of technical expertise in working with SQL.

Spam links are placed on the site through exploitation of some vulnerability on the site, either through backdoors, unpatched site code, or compromised administrative, FTP, or other accounts.

If you find spam pages on your site, it is important to determine how those pages were placed. There may be other types of malware or security vulnerabilities on your site that allowed an attacker to gain access. A review of the entire site is important.

If after reading this guide, you are unsure of how to remove spam pages, if you are looking for more answers as to how the spam pages were placed on your site, or if you need assistance ensuring that all spam results are removed from the search engine result pages, get help.

Did you enjoy this post? Share it!

The WordPress Security Learning Center

From WordPress security fundamentals to expert developer resources, this learning center is meant for every skill level. Get serious about WordPress Security, start right here.