I received a mail from Google, saying one of my sites were hacked. They detected hacked content on my website. I spent about 4 hours figuring out how this was possible. Searched the whole database, scanned all folders and also ran an Antivirus and malicious code scanner. None of the scans found any hacked content.
Then I started looking at the php code of my WordPres theme. The code was referencing the most sold woocommerce product and was displaying it in the footer of the website. Please see in attached screenshot “WahooFitness_Image1″. In the screenshot you can see that the ‘Add to Cart” button links to a spam link. When looking at the code, there is no spam. Please see a screenshot of the code as attached in WahooFitness-Image2.
The problem here was with the theme as you can see. It sets the value of the “Add to Cart” button to %s. So the source of the link that you’re on. So if you did a simple WordPress search, you would change the link of the button to a spam link and Google’s bot would think it was spam. Please see WahooFitness_Image3 for the source view on the page. By going to “www.wahoofitness.co.za/?search=YES-XXX&id=?c=803” which simply does a WordPress search, the link of the button gets set to “www.wahoofitness.co.za/?search=YES-XXX&id=?c=803” making Google’s bot think your site has spam on it.
The way they manage to get Google’s bot to crawl your site is to post this link on other websites. Please see a screen shot of my WebMaster Tools “Links to your site”. So Google’s bot just had to crawl 1 link from those SPAM sites, and whale, my site gets marked as SPAM because there is a legit SPAM link on it.
All this came from a vulnerability in the “WooPress – Responsive Ecommerce WordPress Theme” where they did bad coding and caused me site to be marked as SPAM. Would love to hear what the community has to say about this and I really do hope Google.