Support » Fixing WordPress » Hacked robots.txt

  • My WordPress site has been hacked. Google Chrome is giving an error message:

    Warning: Something’s Not Right Here! contains content from, a site known to distribute malware. Your computer might catch a virus if you visit this site.
    Google has found malicious software may be installed onto your computer if you proceed. If you’ve visited this site in the past or you trust this site, it’s possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else.
    We have already notified that we found malware on the site. For more about the problems found on, visit the Google Safe Browsing diagnostic page.

    I’ve done some digging and, if I go to, I get the following:

    User-agent: *
    Disallow: /wp-admin/
    Disallow: /wp-includes/

    <script src=””></script>

    So there’s a script to the suspect site there. I looked for robots.txt in my FTP client, but it wasn’t there. From what I’ve read, it appears that WordPress writes a virtual robots.txt file and I can override it with a manually created one at the site root. Will doing that fix the problem? Or is the script somewhere else and needs to be removed?

    I’ve updated everything and changed my passwords. I just want to be clear how to get rid of this.

    In Google’s Webmaster Tools, validating my sitemap gives error codes. I don’t know if that’s relevant.

    Sitemap contains urls which are blocked by robots.txt.

    I have visibility set to allow search engines in the WordPress UI, but when I logged in after getting hacked, it was set to private. I’m pretty sure I didn’t set it that way.

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Hacked robots.txt’ is closed to new replies.