What do you mean by Spam page on a WordPress Site?

Spam pages are files added to your publicly accessible website to manipulate Search engine rankings by creating backlinks without the permission of the owner of the site. The more a site receives inbound links, the higher the chances of the target website ranking in the search results. Inbound links from reputable sites are even more valuable. Sites with older domain names, .edu domain names, or the most popular ones that are often updated are the most desirable targets. As such, hackers often use these vulnerable sites to build complex link networks for highly competitive search niches.

Determine if your wordpress blog is infected

Site owners often do not know that their site is infected with spam pages until their site’s search results begin to show strange results unrelated to the site’s content. A review of the site and search engine results pages will indicate if there are spam pages in the site or database files. Spam pages can be found as stand-alone files or added as messages or pages in your database. So, you need to determine them before you remove spam pages from your wordpress blog.

Spam pages can be of highly competitive niches, including:

  • Adult content
  • Pharmaceutical sites
  • Ringtones and music downloads
  • Movie Downloads
  • Online Casino or Game
  • Supplements or weight loss products
  • Essay Writing Sites

Scanning and deleting spam pages from your server

To delete the spam pages, you will first need to scan the spam pages available on your web server. As these pages can be created by inserting code within your database, that would mean, you will have to review all the tables within your database. But act with caution. At first, create a backup of the site and database files. Then scan all the codes within each file. If you find malicious code, remove it.

Remove Spam Pages From WordPress Folders

Look for unfamiliar directories, either outside of your WordPress folders or hidden in subfolders of a directory within your C-Panel. If you find any unfamiliar file which is not relevant to your blog, delete them. The directory/folder names may seem functional like “headers” or “stats” or they may be obscure like “xyz3045”. Files can be HTM,  a random file (intentionally done to make the code ambiguous to a regular user) or anything rubbish. There are usually thousands of files. So, you need to examine all the files, even those which sounds like a familiar file but they contain harmful code. If you can identify infected or unwanted pages, then you need to remove those spam pages from your WordPress site.

Do A Close Examination of the .htaccess file in your WordPress blog

Most sites have a .htaccess file that gives the server instructions on which pages to serve to the site visitor. If you have spam pages on your site, the spam code can easily be inserted into the .htaccess file that will direct site visitors to specific pages based on the results of the query string. The query string is a piece of code added to the end of your site’s index file. Remove the query string if you can or seek an expert’s help if you find it difficult. Working with the .htaccess file to remove spam pages could be tricky. So, don’t forget to take a backup of .htaccess file before you actually begin working with it.

Delete Spam pages within the database

It’s relatively easy to remove the spam pages from the database.
They are added to posts or pages in the MySQL database. You can often see them as pages or comments that you have not added, so you can easily delete them. They are most often added using a compromised administrative or author account, and you can find out which account was used to add the spam pages. So, you can delete the account from the admin.

Working With Search Engines 

Deleting pages from your site is not enough. Search engine results pages often lag behind your site content in days or even weeks, depending on how often search engines access your site.Google shows a spam warning to the visitors if the site is hacked.

this wordpress site may be hacked

Quickly clearing the hacking warning from search engines, requires confirming within the Search Console. After removing all spam pages from your site, add your site to the Google Search Console. If you already have one, you need to confirm that your website has been cleaned.

Also, add a sitemap to your site, submit this sitemap via the search console and search the spam pages to make sure they respond to 404 (not found). You can then submit your site to be indexed. It is then a waiting game.

The sitemap and updated content are most useful for ensuring that your search results return to normal.


The spam pages are placed on the site following the exploitation of a vulnerability on the site, either by back doors, by code, by compromised admin accounts, FTP or other ways. If you find spam pages on your site, it’s essential to identify how these pages came int the first place. There may be other types of malware or security vulnerabilities on your site that allowed an attacker to gain access. A complete scan of the entire site is crucial.

If, after reading this guide, you do not know how to delete spam pages or if you want more answers about how spam pages have been placed on your site or if you need help, drop in your comment. We would love to help you out.