All In One SEO is a WordPress SEO plugin; since 2007 it has been downloaded over 50,000,000 times. They claim more than 30,000 active users and “N” number of positive reviews. This information is from their page. Can anyone imagine that an active plugin could act as spam? In my case study, “All in One SEO” acts as a spam or vulnerable plugin when malicious code runs inside its source code. It will ruin your online business and search visibility. You will lose your clients and money.
How can plugins ruin an online business?
For security reasons I am not naming the victim business. This business ranked in Google for all the keywords it wanted for the last 2.5 years. After a successful campaign they launched a new responsive, UX-friendly website. Unfortunately, for sitemap purposes the SEO team installed the All in One SEO plugin. It was a chaotic decision made by the SEO team. The malicious code first ran inside All in One SEO and harmed the victim badly.
After the plugin was installed, the business suddenly lost its search visibility. They lost all their keywords in search. In addition, a spam website's title and description were showing in search under the victim’s URL. Sometimes it redirected to the spam website itself. After a deep analysis, the developer discovered that this issue happened because of All in One SEO.
The client was upset; all of the SEO team's effort was rendered valueless. Afterwards they concluded that installing this plugin is highly risky. However, I wonder how this tricky plugin gets so many positive reviews and more than 30,000 active users. Maybe these positive reviews were given by a spam bot or by some malicious code inside this plugin.
I checked the negative reviews and noticed that someone mentioned an almost identical issue in his review. So I started a case study with the help of my developer.
Findings were unbelievable.
I wonder why Google did not raise an alert when the victim website was redirecting to spam.
Developer's point of view
At the beginning of the case study, the developer assumed that this plugin injects spam code into the application source code, and that the code runs when a request with a particular user agent is received: that is, when a Googlebot request is received, this code runs and redirects to the spam website. The search bot then crawls the spam website instead of the victim's.
All of his judgments were right except one.
This code was not injected by the plugin. The malicious code was injected by someone, or by a bot, through a comment or some other security breach. It is another form of negative SEO. If we remove this plugin, the code will execute in another plugin. This will repeat until we remove the harmful code. Try to avoid all unnecessary plugins on your website.
To solve this issue, flush that code from the server and restore the backup. If the site still shows malicious behaviour, the code must still be on the server. In that case, check the server logs and the running programs, and if you notice any malicious activity, kill that process.
If you don’t have a backup of the code, sit down and check the entire source code line by line, and remove the spam code.
Another point: if this plugin has a vulnerability and someone knows about it, he can use it as a doorway to inject spam code into the victim's site.
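The user-agent-triggered behaviour described above can be checked from outside the server by requesting the same page as a browser and as Googlebot and comparing the two answers, both before and after the cleanup. This is an added example, not code from the case study; the host names shop.example and spam.example and the sample responses are constructed.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urlparse

BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0 Safari/537.36"
GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow 3xx, so the redirect itself stays visible

def fetch(url, user_agent):
    """Request url once with the given User-Agent; return (status, location, body)."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        resp = urllib.request.build_opener(NoRedirect).open(req, timeout=10)
    except urllib.error.HTTPError as err:  # unfollowed 3xx, 4xx and 5xx arrive here
        resp = err
    return resp.code, resp.headers.get("Location"), resp.read().decode("utf-8", "replace")

def page_meta(body):
    """Extract (title, meta description); expects name= before content= in the tag."""
    title = re.search(r"<title[^>]*>(.*?)</title>", body, re.I | re.S)
    desc = re.search(r'<meta[^>]+name=["\']description["\'][^>]*content=["\'](.*?)["\']', body, re.I | re.S)
    return tuple(m.group(1).strip() if m else None for m in (title, desc))

def cloaking_findings(site_url, browser, bot):
    """Compare the (status, location, body) tuples of the browser and Googlebot fetches."""
    (b_status, b_loc, b_body), (g_status, g_loc, g_body) = browser, bot
    findings = []
    if g_status != b_status:
        findings.append(f"status differs: browser={b_status} googlebot={g_status}")
    g_host = urlparse(g_loc).hostname if g_loc else None
    if g_host and g_loc != b_loc and g_host != urlparse(site_url).hostname:
        findings.append(f"googlebot redirected off-site to {g_host}")
    if b_status == g_status == 200:  # same status: compare what a crawler would index
        for label, b_val, g_val in zip(("title", "description"), page_meta(b_body), page_meta(g_body)):
            if b_val != g_val:
                findings.append(f"{label} differs: {b_val!r} vs {g_val!r}")
    return findings

# Constructed sample responses (not captured from the victim site).
SAMPLE_BROWSER = (200, None, '<title>Acme Shop</title><meta name="description" content="Handmade goods">')
SAMPLE_BOT_REDIRECT = (302, "https://spam.example/offer", "")
SAMPLE_BOT_SPAM = (200, None, '<title>Cheap pills</title><meta name="description" content="Buy now">')

if __name__ == "__main__":
    for bot in (SAMPLE_BOT_REDIRECT, SAMPLE_BOT_SPAM):
        print(cloaking_findings("https://shop.example/", SAMPLE_BROWSER, bot))
```

On a live site, pass `fetch(url, BROWSER_UA)` and `fetch(url, GOOGLEBOT_UA)` in place of the samples. Injected code that also checks the crawler's IP address will not react to a spoofed user agent, so an empty result does not replace the source review.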
SEO point of view
After fixing this issue, the first priority is to remove the cached content from search.
To do this, send a request to remove the cached content from search using the webmaster removal request tool. Then have the website re-crawled and wait for it to be re-indexed.