Sucuri Webinar Q&A HOW TO IDENTIFY AND FIX A HACKED WORDPRESS WEBSITE. Ben Martin - Remediation Team Lead 1
Question #1: What is the benefit to spammers for using someone elses UA code and is there a way to hide it? Answer: I haven t found a way to hide it. I actually did some research in advance of this webinar to see if we could do that. You can put it in like an analytics.php file that you include, but people will still be able to find that stuff, too. The thing is, you don t want to block Google Analytics from being able to send that data. As far why they do it, there s some speculation, but I think probably, for me, the most common reason is that they re trying to spam marketers who are using Google Analytics and get them to check out these sites. Other times, it s just people want to watch the world burn. There s just evil people out there who want to invalidate your data. Very rarely would I say it s a targeted thing where they re trying to pollute your analytics because it s, say, a competitor or something like that. More often than not, it s just spammers who, like I said, take ten minutes to write a script and they can send their website to an audience of millions of marketers who use Google Analytics. Question #2: Should we be concerned with the host name not provided? Is that something that should be a major concern? Answer: Not if you set up that filter. That might be measurement protocol stuff. I wouldn t worry about it too much. I mean, if it s not provided, then it s not coming from your website. Don t worry about it. Set the include filter to include the host names that you want and just leave the other ones alone because, unless you have some serious weird security stuff on your site, your host name will show up in your reports from the valid data that you re trying to send. Question #3: Do filters work retroactively? Answer: No. So, filters are applied once you apply them to your view, all the data going forward, is changed. Which is why I said you should probably set an annotation so you know when you set it up. Annotations are a nice little way in Google Analytics to mark certain things like spikes and that sort of thing. You can put a little bubble there on the date that you made the change. Filters, once you apply that, basically your data as it s sampled from Google Analytics, it get processed and it goes through your filters. Once you apply the filter, everything forward will change from that moment. Segments are how you are able to look at the past data. 2
Question #4: What all can be customized in a view? Answer: Oh, tons of things. All you have to do is just go to your views in Google Analytics and look under the column. Custom Alerts is one of them, there s Goals and that kind of thing, too, and events I think that you can set as well. Yeah, all of it s available under the view column and anything that you change under the view column will apply to the specific view. The main one, though, that you should be concerned with that I recommend everybody looks into is Filter. I just Google like Top 10 filters using Google Analytics Top 5. There s tons of other people who are analytics experts who ve set up some really great guides on how to use those. Question #5: Do you find that it s easier to include a filter rather than excluding the host names you don t want? Answer: Definitely. I mean, like I said, one of the problems there is if you add more properties, more websites that you want to track, then you want to have a back-up view that doesn t have a host name filter on it, but maybe has the other filters that you do want. If you re excluding those bad host names, that just means that if a new website shows up as a bad host name, you re gonna have to go back to that filter and exclude that one as well and make another segment because now that data is in there. You can t remove it, but going forward, it won t be processed anymore I definitely find that it s easier just to include the websites that you know. I mean, it depends, too. Like if you have, I think there s a max of like 50 properties or something, so if you have a lot of properties, it might be a lot of work to do at Regex. Fortunately, those filters allow for enough room for that and you can create multiple filters as well. Like I said, the referral website that I was mentioning that stops the bad referrers, they set up multiple filters because there s only so much room. Yeah, generally, if you have a handful of websites that you re processing, it s easier just to include those ones in your data and then that way no other ghost referrers will ever show up for you. 3
Question #6: This person had a question that they re using Yoast CEO premium and that has the search console info that Google has, but they want to know if they should depend just on Yoast or look at Google also. Answer: Basically Yoast is, as far as I m aware, Yoast is hooking up with Search Console because Search Console, actually, provides you with some queries that people are using to find your website. Yoast will pull that information into its plugin. I m not sure if Yoast has a security feature in order to let you know if you re blacklisted or something. We do have a free wordpress security plugin as well, which will scan your site and let you know if you re blacklisted, which I highly recommend that anybody with wordpress installs. Yeah, I would definitely recommend. It s worth getting to know Google Search Console and just clicking through. There s a lot of interesting stuff in there. I mean, I m just a data geek, but I think it s really helpful and especially the search query section is really awesome. They improved it over the last year, too, so that you can better filter date ranges and see what queries are being clicked the most to send people to your site. That data is very valuable, I find. Question #6: What s your best practice for removing post hack malicious 404 not found links from the webmasters? Answer: I would use that Google Search Console URL removal tool if it s just a few of them. If you ve got a ton of them, you can use a robot.txt file. What robot style text is, if you re not familiar, is it s just a file, a text file, on your server that bots have to respect. Especially the good bots like Google Bot. When Google Bot s trying to hit your site and it s like, Oh, let s just crawl this whole site. First it reads the robot.txt file and finds out if there s any places you don t want it to go. If you have a bunch of 404 spam in a directory like, maybe, the hackers made a directory that s like, they just smashed the keyboard and made a directory and then put like 10,000 pages in there. Now they re all gone. Instead of submitting those one by one, 10,000 times, you can just tell Google Bot, Don t go into this directory. Just forget, it s not there. Don t index it. That s probably, I would say, the easiest way if there s a lot of it. If it s just a few URLs, the URL removal tool, for me, is probably easier because I don t have access to our server. 4
Question #6: This person said that they heard that Google said they don t mind the 404s and they don t affect the ratings at all. Is that what you ve heard as well?</ Answer: I think it depends. I mean, SEO is such a toss up sometimes. There s a lot of mystery to it. I ve heard some people say that if you have a lot of 404 errors that Google doesn t like that. It really depends. I mean, they show up as crawl errors. I know that places like Mauz definitely recommend that you resolve your crawl errors. Again, people have tested both ways and some people say that 404 errors do effect search results. Especially if they re in large numbers. Some people say they don t. One thing that I did find and we ve written a blog post about it as well, if you search for 404 errors in Google Search Console you ll see Caesars post about a site that had multiple 404 errors and because there were so many 404 errors on the site... No, it was like so many pages that were created. It was like 250,000 pages or something. Google starts to think your site is much bigger so it crawls it much faster and then when those pages just disappear, the crawl rate is totally out of sinc. It can, actually, DDos your website. That was kind of an interesting one that we looked into, but definitely, I would say, it s always beneficial to get rid of 404 errors just because they re not good to have. Especially if people are actually trying to visit those pages, then you want to resolve them. It s a bad user experience if they re legitimate 404 errors, not spam. 5
sucuri.net 1.888.873.0817 sales@sucuri.net 2017 Sucuri, Inc. All Rights Reserved 6