I have spent months building a site with WordPress, and have a high ranking on Google. Recently the outgoing RSS feed from my site has not been working; running it through a feed validation site, I get the resulting error line:
This feed does not validate
Line 176, column 15: XML parsing error: <unknown>:176:15: junk after document element
…with a whole load of link spam showing up immediately after this highlighted line…
<!-- google --><font style="position: absolute;overflow: hidden;height: 0;width: 0">
When I update WordPress the problem goes away and my RSS feed works, but only to return around 2 days later with the same problem…spam in my RSS feed and it not working. I installed the “bad behaviour” plugin immediately after updating but the problem comes back.
What can I do, short of wiping my WordPress installation and starting again? I want to act fast as I don’t want my Google rankings affected.
I have backups of exported XML files from my WordPress site.
I’m running WordPress 2.8.6; if I update it then the link spam in my RSS disappears and the RSS works OK. But then a day or two later the link spam comes back, and my RSS goes down again. I have added security plugins since the hack, but I think this is like shutting the door after the horse has bolted.
Updating WordPress does not wipe the problem; it just comes back. I think I need to delete WordPress from my web host (Justhost) and do a fresh install. I have exported XML files from my WP site to import after I reinstall WP, but I’m not sure if this includes my images.
I wiped my WordPress installation and installed a new one, but before this I made a full backup from my host (maybe containing the hack). I imported a recently made XML backup file into the fresh installation, and it showed up as a basic site with my posts, but without plugins or images.
I then restored the full backup of my site I made from my host, and my site was completely restored. I have been checking the RSS feed every day and it has been OK; I thought I had got rid of it.
But now, around a week later the problem has come back.
(RSS feed contains errors)
I think I will have to wipe WordPress again, import a recent XML file, and then manually add all my images. A tough job as my site has 64 pages.
Can anyone offer any suggestions or help?
I have the “Bad Behaviour”, “Project Honeypot”, and “secure wordpress” plugins installed, but these do not seem to stop it.
I will try running a plugin called “Exploit Scanner”, and also “SearchRegEx” as you said.
I don’t know how these spammers and hackers can sleep at night, spewing their junk all over people’s hard work.
I have deleted my WordPress installation numerous times, and restored backups from before the hack as far as I know, and the RSS still breaks down with inserted spam.
Now I’ve wiped and reinstalled WordPress and not even restored any backups, but started my site from scratch with only security plugins installed. A day later the same problem came back with a “junk after document element” error when I ran it through feed validator, showing a whole load of spam.
My Web host Justhost are no help, they said they will fix the problem but have not. I wrote a detailed email describing what is happening and their reply was “Change your passwords and run a virus checker on your computer”…ridiculous! I have done that plenty of times.
I am deleting and reinstalling WP and not altering or deleting anything else. When I delete WP, if I then go to my files and see anything that is still there that looks like a WP file, should I be deleting that as well?
Obviously a fresh install is not removing the problem.
Any suggestions or help would be very much appreciated…
Just a thought, when you reinstall, you delete the WP files, but you use the same database? What if that database contains a user that just logs in and inserts the spam?
Alternatively, did you download your theme and upload it again after the new install? What if that theme is full of rogue code?
Twice you have been referred to the “how to completely clean a hacked wordpress blog”, did you read it and do everything it said?
Also, do you delete ALL files on your server? Do you have anything else running? Any other files, any other programs, etc?
When I was hacked, the problem never was in my WP installation, it was in 2 other software packages I had running, buried way deep. There were 2 rogue PHP files in those software packages being used to spam my WP install.
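An added example, not part of the thread above: a small Python check for the two symptoms described, content after the feed's closing root tag ("junk after document element") and the zero-size hidden `<font>` style, plus a scan of every directory under the account (not only the WordPress folder) for files carrying that marker. The function names and both sample feeds are constructed for illustration.

```python
import re
from pathlib import Path

# Closing tag of the feed's root element (RSS 2.0, Atom, RSS 1.0/RDF).
ROOT_CLOSE = re.compile(r"</(rss|feed|rdf:RDF)\s*>", re.I)
# Inline style hiding a block: overflow hidden with zero height and width,
# as in the injected <font> tag quoted in the thread.
HIDDEN_STYLE = re.compile(
    r'style\s*=\s*["\'](?=[^"\']*overflow\s*:\s*hidden)'
    r'(?=[^"\']*height\s*:\s*0(?![.\d]))'
    r'(?=[^"\']*width\s*:\s*0(?![.\d]))[^"\']*["\']', re.I)

# Constructed sample feeds (not taken from the affected site).
CLEAN_FEED = ('<?xml version="1.0"?>\n<rss version="2.0"><channel>'
              '<title>Example</title></channel></rss>\n')
INFECTED_FEED = CLEAN_FEED + (
    '<!-- google --><font style="position: absolute;overflow: hidden;'
    'height: 0;width: 0"><a href="http://spam.example/">x</a></font>\n')

def junk_after_root(feed_text):
    """Return the text after the last closing root tag, or None if no tag."""
    matches = list(ROOT_CLOSE.finditer(feed_text))
    if not matches:
        return None  # truncated output or not a feed at all
    return feed_text[matches[-1].end():].strip()

def check_feed(feed_text):
    """Summarise the two symptoms for one fetched feed body."""
    trailing = junk_after_root(feed_text)
    return {
        "root_closed": trailing is not None,
        "trailing_junk": bool(trailing),
        "hidden_block": bool(HIDDEN_STYLE.search(feed_text)),
    }

def scan_tree(root, suffixes=(".php", ".html", ".htm", ".js")):
    """List files under root whose contents contain the hidden-style marker."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            if HIDDEN_STYLE.search(path.read_text(errors="replace")):
                hits.append(str(path))
    return sorted(hits)

if __name__ == "__main__":
    print(check_feed(CLEAN_FEED))
    print(check_feed(INFECTED_FEED))
```

`scan_tree` only finds files that contain the marker literally; a script that builds the spam from encoded strings will not match, so files with unexpected modification times outside the WordPress directory still need a manual look.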