Hacked by a Spam Link Injection? Learn How To Fix Your Site


If you’re seeing a sudden increase in your bounce rate or suspicious links under your posts in your WordPress admin panel, your site is most likely a victim of a Spam Link Injection hack. This is one of the most common and yet most damaging attacks hackers deploy. 

Why do hackers deploy spam link injections in the first place? Simple. By inserting their spam links into your most popular or indexed web pages, they want to redirect your users to other spam websites to get higher SEO authority. But, having such malware on your website can cause Google and other search engines to blacklist your website. 

Phishing attack ahead
this site may be hacked

As you can imagine, this is a double whammy for your site – your website’s SEO ranking takes a hit, and you lose traffic.  This further impacts your conversions, revenues, and of course, brand image and customer trust.  

How do you confirm if your site has been infected with a spam link injection? And, if yes, how do you fix your website in quick time? Let’s learn all of this in the next few sections.

Steps To Check For Spam Link Injection

How do you check if your website has been infected with spam link injection? Here are some of the things that hackers do:

  • Enter popular keywords like “cheap Gucci bags” into high-ranked webpages.
  • Add hyperlinks of spam websites like antibioticsordrer.com or basicpills.com into your webpages – or directly into your WP database.
  • Access customer records in your database – and send spam emails to their email addresses.
  • Display unsolicited ads or banners directly on your website pages.
  • Add hundreds of new webpages to your website.

Additionally, you can confirm a spam link injection attack on your website by checking Google Analytics – to see where most of your traffic is coming from. 

In most cases, WP sites are infected by spam links that are inserted directly into the wp-post table in the WP database. Some of the common links that are used include pharmacy-related websites like basicpills.com, generic-ed-pharmacy.com, and getrxpills.com.  

What makes spam link injection particularly cumbersome is that some of these links also appear within a tag or text, making it difficult to search and remove. 

So, how do you go about fixing the problem? 

How to Find and Remove Spam Link Injections

Luckily for site owners, there are some easy and effective ways of finding and removing spam link injections. 

  • Manual method – this requires some technical expertise
  • Automatic method – this is done using a security plugin and is easier to implement even for non-technical users. 

Let us discuss each of these two ways in detail.

Using a Security Plugin

If you want to find and remove all your spam link injections within 5-10 minutes, this is the best method. It is also a very user-friendly method and can be executed without depending on any WP security expert.

WordPress users can leverage the capabilities of security plugins like MalCare or Sucuri, that are designed especially for WordPress. 

wordpress security plugin

For instance, you can use MalCare to quickly detect and remove all spam link injections with the following easy steps:

  1. Sign up on MalCare with your details. After successful registration, click the link provided in the signup email to access the tool’s dashboard.
  2. Sign in to your dashboard account and proceed to install the plugin for your website.
  3. Next, MalCare automatically scans your website and reports the number of hacked files.
malcare scan
  1. The final step is to click “Auto-Clean,” and the security tool will clean all your hacked files – and get rid of all the spam link injections from your website.

Overall, this entire scanning and removal process does not take more than 5 minutes – and can be performed by any novice user with basic tech skills. Plus, the security plugin can quickly detect new or unknown spam links hidden in unknown back-end files in your WP installation.

Manual Method

As mentioned earlier, the manual method of scanning and removing spam link injections is more complicated and time-consuming. We don’t recommend it for two reasons:

  1. You’ll find that the spam mostly regenerates owing to existing vulnerabilities on the site.
  2. The manual method modifies some critical WordPress files. Any errors could have you spend hours troubleshooting the issue – this, again, would need a considerable investment of effort besides prior WordPress know-how. 

Before you perform the manual method, make sure to take a complete backup of your installation folder and database tables. This ensures that you can always restore your original files and tables from the available backup if there is any problem. 

Here are the steps you need to execute to perform manual scanning and cleanup:

  1. Check and remove spam link injections from your WP installation. To do this:
    • Use your host account to access the cPanel tool.
    • From cPanel, open your File Manager and then access the “public_html” folder that contains all your installation files. If you have installed your WordPress on any other location, then open that specific folder.

You can now view three important folders from your installation folder: wp-admin, wp-content, and wp-includes (as shown in this sample screen).

public html folder

These three folders are commonly targeted by hackers to insert malicious or spam links into your website.

  1. Using cPanel, manually search for spam links in each of these folders – and delete them wherever you find. In most cases, you will find the same spam links across all your web pages – so that makes your task easier. 

Once you have completed manual scanning of all these three installation folders, you are good to go to the next step.

2. Check and remove spam link injections from your database. To do this:

  • Go to your host account, access your cPanel, and then open the phpMyAdmin tool.
  • Use the phpMyAdmin tool to select your database and then export all your database tables to an SQL file format (as shown below).
database export
  • Once you have downloaded your database file on your computer, perform a manual search for any spam link injections. To do that, open the file with any text editing tool and then search for any malicious spam code in PHP functions like base64_decode, shell_exec, eval, and gzinflate.
  • Delete any of these malicious codes – when you find them in these functions.
  • After cleaning the database file, you can then import it to your database using the phpMyAdmin tool.

As we mentioned, this manual method of detecting and removing spam link injections has its share of risks. For example, you could accidentally add any non-malicious code from these PHP functions that could result in your website’s malfunctioning.

Now that your website is clean, it’s time to improve your site security and prevent these attacks in the future. Let’s figure that out in the following section.

How to Protect Your WP Website from Future Hacks

We recommend implementing the following three approaches to safeguard your website.

For your overall WordPress installation

  1. Change all your current user passwords – and mandate the use of strong passwords (of at least ten characters) consisting of alphabets, numbers, and special symbols.
  2. If you are currently using an old or outdated WP version, update your installation to the latest version. This will ensure a quick fix for all the security-related vulnerabilities on your site that hackers take advantage of.
  3. Limit the number of administrators (or users with “admin” privileges) to the minimum. For the rest of your site users, assign lesser privileges like “editor” and “subscriber” with lesser powers.
  4. Implement an efficient backup strategy for your website and database. For example, you can use the BlogVault backup plugin for both backups and restores. It performs all the backup operations on its own servers so your site does not slow down while being backed up. 
  5. Check and remove any unknown users from your list of users.
  6. Implement Two-Factor Authentication (or 2FA) for your login page – that makes it difficult for hackers to access your login account.
  7. Another login page measure is to install CAPTCHA protection – that can identify “harmful” bots and limit the number of failed attempts in your login process.
  8. Disable your file editor tool that hackers use to add or modify malware or malicious code in your installation files.

For WordPress plugins/themes

  • Like your WP version, take stock of all your installed plugins and themes – and update any old or outdated ones to their latest available version.
  • If you have any unused or inactive plugins/themes in your installation, remove them immediately.
  • Always use genuine plugins/themes downloaded from trusted sources. Avoid using nulled or pirated plugins/themes.

For your WordPress hosting

  • If your site is currently hosted on a shared hosting platform, you should consider moving it to the safer managed hosting platform.

In Summary

Considering the effect spam link injections can have on your website’s SEO and your business revenue, it’s important that you take immediate action to clean your site in case you detect it on your site. As we discussed, manual methods can be quite complicated. 

Security plugins offer a much more effective way. We highly recommend investing in a trusted WordPress security plugin to prevent any future attacks on your site. Most plugins, like MalCare,  offer most of the preventive measures listed in this article integrated into their functionality. 

Jason S

Jason has been developing websites since 2008 using Wordpress. He has designed business sites, blogs, product review sites, and e-commerce sites. He has in-depth experience in customizing WP themes and plugins. Read more of Jason's articles.