Seonix WordPress hack and the tool that fixed it in 5 minutes

This morning I received a VERY disturbing email from one of our readers:

On Tue, Apr 3, 2012 at 5:56 AM, Jorg Ruis
Hi Jeremy,

Tried to contact you via Twitter and your contact form several times. Last week Thursday I discovered that someone got into our backend and submitted quite some links (124 posts to be exact) to He also changed some of the canonicals of posts. I looked up which other domains were linking to him and I see quite some pages from you guys popping up like this one (click the link at ‘affiliate marketing’). He also got to VentureBeat, Crunchbase, and some others.

All the best,

Jorg Ruis

First and foremost I want to thank Jorg for taking time out to email us. Some of these are years old.

I looked at the post he mentioned, then started going through the revisions of the post. It was easy to pinpoint which administrative user's account had been compromised. It was a former employee who had not been on our staff for 2 years.

I then searched site-wide and found 36 posts had the links to with various keywords as anchor, title, and alt text.

Now I could go through manually and change every one… but some had multiple links per post (average of 2 per post).

But instead I used our awesome SEO mass link WordPress plugin.

Using this tool I easily found all the links:

I selected all the posts and hit remove all:

Then you can see the results, see previous and current, and even revert all or certain changes.
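
For readers without the plugin, the same find-and-remove pass can be sketched as a script. This is an added example, not the plugin's code: it assumes post bodies have been exported as `(ID, post_content)` pairs, uses the placeholder `spam.example` because the injected domain is not named above, and works on constructed sample posts. It keeps the before and after text of every changed post so a change can be reviewed or reverted.

```python
import re
from urllib.parse import urlparse

# Placeholder: the injected domain is not named on this page.
BAD_DOMAIN = "spam.example"

# Constructed sample rows standing in for (ID, post_content) from wp_posts.
POSTS = {
    101: '<p>Learn <a href="http://spam.example/x" title="cheap seo">'
         'affiliate marketing</a> today.</p>',
    102: '<p>See <a href="https://www.spam.example/">tips</a>, '
         '<a href="https://example.org/ok">this source</a> and '
         '<a title="seo" href="//spam.example/y">more</a>.</p>',
    103: '<p>No links here, but spam.example is mentioned in text.</p>',
}

# One <a ...href="...">inner</a> element; [^>] keeps the match inside one tag.
A_TAG = re.compile(
    r'<a\b[^>]*?\bhref\s*=\s*(["\'])(.*?)\1[^>]*>(.*?)</a>', re.I | re.S)

def host_matches(url, domain):
    """True if url's host is domain or a subdomain of it (not a lookalike)."""
    host = (urlparse(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)

def strip_links(html, domain=BAD_DOMAIN):
    """Unwrap links to domain, keeping their inner text; return (html, removed)."""
    removed = 0
    def unwrap(m):
        nonlocal removed
        if host_matches(m.group(2), domain):
            removed += 1
            return m.group(3)  # drops href and title, keeps the visible text
        return m.group(0)      # links to other hosts are left untouched
    return A_TAG.sub(unwrap, html), removed

def clean_posts(posts, domain=BAD_DOMAIN):
    """Return {post_id: (before, after, removed)} for changed posts only."""
    changes = {}
    for pid, html in posts.items():
        after, n = strip_links(html, domain)
        if n:
            changes[pid] = (html, after, n)  # 'before' is kept for revert
    return changes

if __name__ == "__main__":
    for pid, (before, after, n) in clean_posts(POSTS).items():
        print(f"post {pid}: removed {n} link(s)\n  was: {before}\n  now: {after}")
```

The script only unwraps `<a>` elements; changed canonicals, which the email also mentions, need a separate check.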