Yoast SEO
malware detected on header back up file created by this plugin (11 posts)

  1. ooomes
    Posted 2 years ago #


    This plugin is automatically creating a back-up file called header.php.wpseobak and it has been injected with some javascript malware. No matter how many time I delete the code and the file itself it keeps on regenerating. This is true even when I updated the plugin to the latest version.

    I know you guys don't support free version of this plugin but I think it's worth bringing up this issue.

    Any suggestions/guidelines would be great.



  2. wnthne
    Posted 2 years ago #

    I submitted a post about something similar two weeks ago:

    Found possible problems in Option _transient_feed_895a6fef0cc57461ead214388fd67e81 (script tag )
    Just to take an example, "Yoast" appears 35 times alone in this 14KB excerpt (total size is 218KB). I once had Yoast's SEO plugin installed, deleted long ago.

    Who else but Yoast himself would inject and bloat the database with "Yoast"? This could seem to suggest foul play. Does anyone have another explanation?

    [excessive code deleted]

  3. WPyogi
    Forum Moderator
    Posted 2 years ago #

    @wnthne - please stop posting code like that on these forums - it's been deleted several times - if you need to post lengthy code, use a pastebin per the forum guidelines.


  4. wnthne
    Posted 2 years ago #

    Thanks for the tip WPyogi. Here is the code excerpt: http://pastebin.com/kEdkTjTX

    I ran the ThreatScan plugin which exposed the injections.

  5. mrppp
    Posted 2 years ago #

    where is file created i can't see one called header.php.wpseobak

  6. mikeotgaar
    Posted 2 years ago #

    @ooomes @mrppp

    header.php.wpseobak - is found in the theme folder (not always).
    WordPress SEO only creates this file when it needs to change a themes built-in hard coded meta description function.

    The wpseo function is found in plugins/wordpress-seo/admin/pages/dashboard.php on line 64 in section starting on line 49, ending line 89

    $backup_file = date( 'Ymd-H.i.s-' ) . 'header.php.wpseobak';

    Because it's hard coded in the theme, it cannot be removed by a filter action. Instead the plugin backs up the original theme file, removes the hard coded meta description section, and adds the WordPress SEO dynamic meta description function.
    It has to, or there will be 2 meta descriptions, which are not too good for SEO...

    The file you found named header.php.wpseobak is OK. it's supposed to be there if the requirements mentioned above exist. It's not a malware script.

    But it's very good you are cautious :)

    To set your mind more at ease, because of the extension, .wpesobak, PHP cannot execute the file anyway. (same applies to extensions like .backup and so on which you sometimes find if the server techs have worked on the site

    If you're still worried, you may e-mail header.php and header.php.wpseobak to [ redacted ] for free manual inspection (must be in zipped folder or mail server will strip .php attachments)and let me know the theme!)

  7. mrppp
    Posted 2 years ago #

    so we are talking theme header?
    Can't see a header.php.wpseobak

  8. mrppp
    Posted 2 years ago #

    email sent

  9. @mikeotgaar Please do not post your e-mail or request people contact you off of these forums like that. Keep the support on the forums.


  10. mikeotgaar
    Posted 2 years ago #

    Apologies Jan
    Didn't realize offering free check was an issue.

  11. mikeotgaar
    Posted 2 years ago #

    The plugin only creates this ONLY IF the theme has built in SEO features like meta description - if this can't be disabled in the theme settings and the meta description is hardcoded...

    If it's not in your theme folder, it means WordPress SEO didn't need to modify the original file, so no backup file.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Yoast SEO
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic