Support » Fixing WordPress » oembed_cache SPAM problem

  • Resolved mediumd

    (@mediumd)


    I recently found hundreds of posts with post_type oembed_cache while looking into my database. Many of them appear to be spam. I can’t for the life of me figure out how there are being injected into my database. Here is a picture from phpmyadmin LINK. Is anyone else having this issue? Can anyone offer any insight? How do I clean this up and more importantly how do I prevent it from happening?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator t-p

    (@t-p)

    Here is a documentation article on https://wordpress.org/support/article/embeds/

    There’s a WordPress plugin called “Disable Embeds” which is suggested WordPress users install if they want to turn the WordPress 4.4+ autoembeds feature off.

    Thread Starter mediumd

    (@mediumd)

    Thank you for your reply.

    I have reviewed the article regarding embeds. In my case, I think I will go ahead and disable them with the suggested plugin as I don’t believe I have a use for them (at this time).

    What I’m still struggling to understand is how the bogus spam entries (one is highlighted in the picture I linked to) ended up in my database. Something or someone must have put them there no? Is it a WordPress vulnerability? A plugin or theme vulnerability? Is this a common issue? Is it something to be concerned about or is it harmless?

    I would really like to fully understand what is happening so I can get to the root of the issue and resolve it.

    Thank you.

    Thread Starter mediumd

    (@mediumd)

    I have finally figured out what is going on…

    I get a far bit of spam submissions via my contact form, these spam submissions include URLs. Although they are being flagged as spam and filtered out, WordPress still creates an oembed_cache entry in the database for them.

    I have verified I do not have any actual spam links on my website, so in my case they are relatively harmless.

    It would appear that I can occasional remove the bogus entries from my database or I can use the Disable Embeds plugin.

    Cheers.

    Moderator t-p

    (@t-p)

    To be sure, I recommend asking at Disable Embeds plugin so the plugin’s developers and support community can help you with this.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘oembed_cache SPAM problem’ is closed to new replies.