Seonix WordPress hack and the tool that fixed it in 5 minutes


This morning I received a VERY disturbing email from one of our readers:

On Tue, Apr 3, 2012 at 5:56 AM, Jorg Ruis
Hi Jeremy,

Tried to contact you via Twitter and your contact form several times. Last week Thursday I discovered that someone got in to our backend and submitted quite some links (124 posts to be exact) to He also changed some of the canonicals of posts. I looked up which other domains were linking to him and I see quite some pages from you guys popping up like this one (click the link at ‘affiliate marketing’). He also got to VentureBeat, Crunchbase, and some others.

All the best,

Jorg Ruis

First and foremost I want to thank Jorg for taking time out to email us. Some of these are years old.

I looked at the post he mentioned, then started going through the revisions of the post. It was easy to pinpoint which administrative user's account had been compromised. It was a former employee who had not been on our staff for 2 years.

I then searched site-wide and found 36 posts had the links to with various keywords as anchor, title, and alt text.

Now I could go through manually and change every one… but some had multiple links per post (average of 2 per post).

But instead I used our awesome SEO mass link WordPress plugin.

Using this tool I easily found all the links:

I selected all the posts and hit remove all:

Then you can see the results, see previous and current, and even revert all or certain changes.
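The two manual steps above (finding every post that carries the injected links, then reading the revisions to see which account saved them) can also be run straight against the database. This is an added example, not code from this post or from the plugin; it assumes the standard `wp_posts` / `wp_users` columns and that each revision row records the account that saved it, and the domain, logins and rows are constructed placeholders.

```python
import re
import sqlite3

SPAM_DOMAIN = "spam-target.example"  # placeholder: the post does not name the domain

def link_pattern(domain):
    """Match an href that points at `domain` or one of its subdomains."""
    return re.compile(r"""href\s*=\s*["']?https?://(?:[\w-]+\.)*""" + re.escape(domain)
                      + r"""(?=[/"'\s>:?#]|$)""", re.I)

def find_injections(db, domain):
    """Return (post_id, link_count, login, time of first revision holding the link)."""
    pat = link_pattern(domain)
    found = []
    posts = db.execute("SELECT ID, post_content FROM wp_posts WHERE post_type='post' "
                       "AND post_status='publish' ORDER BY ID").fetchall()
    for post_id, content in posts:
        hits = len(pat.findall(content))
        if hits == 0:
            continue
        revs = db.execute(
            "SELECT u.user_login, r.post_modified, r.post_content FROM wp_posts r "
            "LEFT JOIN wp_users u ON u.ID = r.post_author "
            "WHERE r.post_type='revision' AND r.post_parent=? "
            "ORDER BY r.post_modified, r.ID", (post_id,)).fetchall()
        # No matching revision (revisions disabled or pruned) leaves the account unknown.
        who, when = next(((u, t) for u, t, body in revs if pat.search(body)), (None, None))
        found.append((post_id, hits, who, when))
    return found

def sample_db():
    """Constructed data in a cut-down copy of the wp_users / wp_posts columns."""
    spam = f'<a href="http://{SPAM_DOMAIN}/" title="kw">kw</a>'
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT)")
    db.execute("CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_author INT, post_parent INT,"
               " post_type TEXT, post_status TEXT, post_modified TEXT, post_content TEXT)")
    db.executemany("INSERT INTO wp_users VALUES (?,?)", [(1, "editor"), (2, "former_staff")])
    db.executemany("INSERT INTO wp_posts VALUES (?,?,?,?,?,?,?)", [
        (10, 1, 0, "post", "publish", "2012-01-15 02:10:00", f"Intro {spam} and {spam}"),
        (11, 1, 10, "revision", "inherit", "2010-05-01 09:00:00", "Intro"),
        (12, 2, 10, "revision", "inherit", "2012-01-15 02:10:00", f"Intro {spam} and {spam}"),
        (20, 1, 0, "post", "publish", "2011-01-01 09:00:00", '<a href="http://notspam-target.example/">ok</a>'),
        (30, 1, 0, "post", "publish", "2012-01-15 02:12:00", f"Body {spam}"),
    ])
    return db

if __name__ == "__main__":
    print(find_injections(sample_db(), SPAM_DOMAIN))
```

A login that shows up here for an account nobody should still be using is the one to disable and have its password reset before cleaning the posts.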

      Lol just happy to discover it right now. Unfortunately when you track down these guys they are in a foreign country. Plus who knows if he actually did it.

  1. Dean Saliba

    Very cool plugin you have there, I dread to think how long it would have taken you to remove those links manually.

    But I’m confused about how the guy got in, did he just hack the user account of your ex-employee? And how come you still have a user account for someone who left your company over 2 years ago?

    Glad to see you got things sorted now. :)

    If he had thought of looking into more admin privileges on WordPress, it could’ve been very disastrous, good thing there was that plugin handy.

    After installing it, it screwed up a few other of my plugins, with notices like this:

    Notice: Undefined index: wpcf_your_name in /home/mysite/public_html/blog/wp-content/plugins/wp-contactform-akismet/wp-contactform.php on line 21

    I had something really useful and constructive to say but then I saw a picture of an awesomely gorgeous scantily clad woman in the sidebar and, what was I talking about again?

    Oh yeah, your link plugin (my friend she is hotness!)… *ahem* your LINK plugin, does it update the database with the new data or does it continually scan the page on pageload? I’m interested if there is no continual overhead and the links are added to the db permanently… those extra database calls are a deal killer imo.


    Good post Shoe (finally something about internet, basically the internet is what interests me)! You are back man!

