Issues with Spam Redirects

[Joseph_Jones]

Recently, one of my client's websites started ranking for a whole bunch of keywords related to "essays". We've never written content on essays so I started thinking "what on earth, Google?". I then checked to see if this was legit, so I went to the SERPs using the keyword. Come to find out, there was a URL from my client's site ranking for the keyword. I looked further and the URL slug isn't something that I recognized. So, wondering why my client is ranking, I clicked on the link. I was then redirected to another website, one of which I am unfamiliar with.

This appears to be a spam (or hack?) issue. My client's site runs off of Wordpress. I checked and the page doesn't exist on my website. So, does anybody know what could be happening here and if there's a way to mitigate this issue with Google's indexing?

The page that's ranking, doesn't exist. I'm ranking for keywords, which I don't want to be ranking for. When clicking the URL, the user is redirected to an entirely different website.

I thought that this might be the use of a canonical tag feeding false information to Google. However, I'm stumped. Any advice would be terrific!

 

[Rich Owings]

Sounds like a hack to me. Try running it thru this test: Sucuri Security

 

[Joseph_Jones]

Sounds like a hack to me. Try running it thru this test: Sucuri Security

Rich,

I ran it through the test and the "essay" pages were found. It didn't detect any malware, spam, or hacking activity. However, I'm seeing a "security header" error. Most likely, I just need a stronger firewall. Thanks for sending this over to me, I'll continue looking into my security.

 

[Rich Owings]

Hi Joseph,

Another thought -- Have you checked Google Search Console? You can look at the Security section, but it may be helpful to do a deep dive in other areas too.

 

[Greg Schueler]

Sounds like a typical hack and that your WordPress site has been compromised.
The codes and the injected malware on the backend are sometimes hard to notice as the hackers are good at hiding it and only showing it to certain viewers.

If there are a lot of spam pages indexed in Google, it will take some work to get things back in shape, but it is doable. You can do a Google search for: site:domainname.com (use your domain name after site and you will see how many pages the hackers have indexed on your site. This can get to the 10s of thousands if not stopped early.

For clean up, you will need to scan and clean all impacted files on the server. There is a plugin called "GOTMLS" that is great at scanning the site and will find a lot of the files. (Wordfence is good to, but usually is better at prevention and doesn't always find all the infected files after the fact). Once you get the results from GOTMLS you can see the patter and look for similar files on the server.

When you see all the plugins/themes/WP files that are infected, it is easier to delete those completely and re-install a fresh copy of each. Or you can manually scrub each file as needed.

You should then change all passwords, including database password. Make sure all plugins/theme are up to date with latest versions so this doesn't happen again.

Then you will need to check Google Search Console to see if the hackers have gained access there and submitted a second Sitemap. If so delete it and the user. Create a new clean Sitemap on your site and submit that. If GSC has flagged your site as hacked, you can submit for a review, but it doesn't sound like they have flagged it yet.

== That is the short overview of hack repair. There are deeper instructions/detail for each part, but this should point you in the right direction.