When getting hacked hits your rankings

Earlier this year I wrote about the rankings that this blog had enjoyed dropping substantially despite the main site holding on to its positions. Yesterday I discovered a possible cause. A correspondent on one of my other blogs notified me that his anti-virus program had alerted him to an attempted trojan link when he visited my other site. I investigated and found that a section of JavaScript had been added to my header.php file which used character code to open an iframe containing a link to a malware site. I removed it and restored the original clean file. Naturally I then checked my other blogs and discovered the same problem on this one. (Interestingly another blog based on a different template was clean, though that may just be a coincidence.)

The dates on the infected header.php files were the 18th and 19th of January and I don’t know yet how the JavaScript code was attached, but I’ll be updating the WordPress installation (ironically I hadn’t upgraded immediately to 2.3 because I thought 2.1 was stable and secure) and trying out a new security technique that I discovered last night. If you have visited the site since those dates then I’d advise you to run your anti-virus programs. I’ve checked my own machine and found no problems so my own security seems to have held firm.

Now for the SEO implications. I check some of my rankings every week. On the 17th Jan they were fine with a number of top 5 results. By the next check on 24th Jan they had dropped substantially in Google. This strongly suggests that Google had identified the malware link and marked the blog site down for it. The blog rankings continued to tumble, suggesting that each fresh visit from Googlebot was pushing it further down. However I haven’t had any messages in Webmaster Tools notifying me of any problems. The question now is whether I should wait and see what happens after the next couple of Googlebot visits or if I should send a reinclusion request straight away. Suggestions welcome!

One thing for sure. I’ll be checking the file dates on my blog files regularly and keeping an eye out for any JavaScript in the source code.

Be careful out there!


When getting hacked hits your rankings — 1 Comment

  1. Eeek. I’m just checking all my versions of WP now to make sure they’re fine. I’ve seen some of these hacks before – but usually the ones that I’d seen were based on passing in SQL through query strings.

    Hope it remedies your rankings.