How To Remove Unwanted Links That Appear On Every Pages On Your WordPress Website

Do you experience a surge of traffic from unwanted keywords? Or maybe you found that unwanted outbound links exist on every page on your website? Then you need to read this post thoroughly.

The symptoms: In my case, I found that unwanted keywords are ranking well on my comics website. The keywords are related to adult keywords while the website is for kids.

I checked and confirmed that I don’t have any page related to those keywords and Google didn’t index any unwanted pages. To check this I use command site:websitename.com on Google search page. Make sure Google didn’t index unwanted web pages.

The problem: Later I found that all pages on the website contain external links to gambling related websites. This is what it looks like:

unwanted links

My steps to remove the link:

  1. make a backup of the website so I can troubleshoot without compromising the actual website, in this case, I make a staging website.
  2. On the staging website:
  3. I deactivated all plugins —> Failed the links still exist.
  4. I changed the WordPress theme —> Failed the links still exist.
  5. I reinstalled the WordPress core files form within the dashboard —> Failed the links still exist.
  6. I accessed files under

In total there are 3 unknown folders, and I deleted them all:

unwanted folder

Notes: the plugins are invisible until I delete folder autologin-links and my-wp-brand. When I deleted both folders above the WP Headers and Footers menu was shown under the settings menu. Now I can see how they plant the links.

unwanted plugin

How to prevent this from happening in the future?

I changed the administrator password and install the 2-factor authentication from Plugin Contributors

2fa

As alternative you can also activate 2FA from the Wordfence plugin.

Update 1 Nov 2024

After several weeks normal, Ahrefs emailed me update of new keyword and it contain unwanted keywords. I quickly check the source code and found 1 unwanted link on the website.

new keyword position

This time they don’t use the plugin, instead directly create a link on the home page’s sidebar. I checked the WP_User table and found a normal users.

When I check on the webhosting dashboard, they deleted some of malicious files as below, I then

Malicious Files

Quickly I realized that they access remotely to the server, not via WordPress username. I checked SSH access and found it enable, quickly I disabled it and changed the SSH access password.

SSH access disable

I also deleted existing SSH Keys

delete SSH Keys

I hope this time I found the culprit. I will update again when found another interesting incident.

How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 1

No votes so far! Be the first to rate this post.

Leave a Reply

Your email address will not be published. Required fields are marked *