spam - How to locate & delete hidden pages on a site

admin管理员组

文章数量:1429008

Basically my friend has a custom wordpress site which was hacked recently but apparently the dev cleaned it up (said it was a server hack and that all their sites were hit) and filed a reconsideration request which was approved so i'm assuming it's fixed. But I noticed there are still spam pages floating around on the site.

In the wordpress back-end I can only see the published pages (less than 10) so the 100+ spam pages must still be hiding somewhere else. I've tried searching in the cpanel file manager to no avail.

Any ideas of what I can do to locate and delete hidden pages in the wordpress files? I can find many of them through the inner links on Search Console, but that's just the URLs - I don't know where I can go to actually find the files and delete them.

Basically my friend has a custom wordpress site which was hacked recently but apparently the dev cleaned it up (said it was a server hack and that all their sites were hit) and filed a reconsideration request which was approved so i'm assuming it's fixed. But I noticed there are still spam pages floating around on the site.

In the wordpress back-end I can only see the published pages (less than 10) so the 100+ spam pages must still be hiding somewhere else. I've tried searching in the cpanel file manager to no avail.

Any ideas of what I can do to locate and delete hidden pages in the wordpress files? I can find many of them through the inner links on Search Console, but that's just the URLs - I don't know where I can go to actually find the files and delete them.

• spam
• hacked

Share Improve this question edited May 28, 2017 at 20:54 ice asked May 28, 2017 at 9:53 iceice 2111 silver badge33 bronze badges 3

• Most likely those pages do not exist. They are generated dynamically. Check your .htacces file. Then check all files for unwanted code. Find some part of the code that is present in all generated pages and search for that. Also check the database – RST Commented May 28, 2017 at 9:58
• You can download w clean Wordpress installation and compare the files of your friend's site with the original files for differences. You can use for this for example [Total Commander](www.ghisler) which has a function Commands->Synchronize Dirs that could be usefull for this. – Picard Commented May 28, 2017 at 12:54
• Thanks for the suggestions. It all ended up being too much for me to figure out so I hired someone to fix it for me. – ice Commented May 29, 2017 at 7:17

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 1

Posts/pages are stored in the wp_posts table. So you could get into the table and delete records. But, not recommended, unless you really know what you are doing with the tables.

My procedure would be to re-install WP (from the Update page; reinstall WP), then delete any non-WP (the 'Twenty*' ones) themes, and remove all non-needed plugins, and reinstall all the ones you need (deleting/removing then reinstalling might be better).

Then check for any files (via your file manager in cPanel) for any files with datestamps other than the date you reinstalled everything). Inspect those files for 'badness'.

Another procedure would be to export your posts into an XML file, and import them into a brand-new-empty WP installation.

Of course, either of these procedures will remove any customization of code, themes, or plugins - and content. Even so, starting from scratch might be the best.

Depends on how much of the site content you need to 'save'. But, a bunch of work on your part to get things back to normal.

(Assuming that you don't have a known good / pre-hack backup of your site database and customized files.)

Good luck.

本文标签： spamHow to locate amp delete hidden pages on a site