Question from Melvin: I have a “health and wellness” blog that I’ve been writing for over four years now. It runs on WordPress.
I write several new posts each week and the blog now has over a thousand posts on it.
About a month ago I paid a guy to make some updates to the blog to make it more attractive and add a couple of new features that I’d seen on other blogs.
With my permission he ended up changing the blog to a new theme (Divi). Now I have a big problem that I hope you can help me with.
This guy gave me a great deal (only charged me $50 to make the changes) and I really love the way the blog looks now.
But here’s the thing. After he finished installing and customizing the new theme a bunch of new posts started appearing on the blog that I didn’t write nor publish. They just appear from out of the blue.
The unauthorized posts are all being posted in my name. I checked and there is only one user account in the blog, and it’s mine.
I’ve changed the login password several times and enabled Two-Factor Authentication so I don’t believe he’s logging into my account to publish the posts.
I delete the unauthorized posts as soon I notice them but they always just come back after a few minutes.
I tried contacting the guy to ask what’s going on but he isn’t responding to my emails.
My questions are as follows:
1 – How are these new posts getting published on my blog without my permission?
2 – How can I put a stop to it?
Rick’s answer: I’m very sorry to hear that you’re having this problem, Melvin.
As a fellow blogger I understand how much concern this is causing you, and unfortunately your concern is quite warranted.
Although I could be wrong, it sounds to me like the fellow you hired to update your blog probably installed a compromised copy of the otherwise awesome Divi theme on it.
The first thing I recommend that you try is activating the current default “Twenty Twenty-One” WordPress theme. That will automatically deactivate the Divi theme to see if it’s indeed causing the problem.
Just follow these steps to activate Twenty Twenty-One and deactivate Divi:
1 – Log into your WordPress Dashboard.
2 – Click Appearance>Themes.
3 – If you see the Twenty Twenty-One theme listed there go ahead and activate it.
If you don’t see that theme in the list click the Add New button and search for Twenty Twenty-One, then install and activate it.
If the malicious code that’s publishing the unauthorized posts is contained in the Divi theme then activating the Twenty Twenty-One theme will prevent any new unauthorized posts from being published.
If that turns out to be the case you’ll need to either keep using the Twenty Twenty-One theme or install a new theme of your choosing.
Since you like the look of the Divi theme you can always purchase your own legitimate (i.e. uncompromised) copy of that theme from Elegant Themes if you want.
Important: If you decide to go with a fresh Divi theme make sure you delete the compromised Divi theme from your blog BEFORE you install and activate the fresh one!
You should also delete it if you decide to stay with the Twenty Twenty-One theme.
If new unauthorized posts are still being published after you activate a different theme that means either one or more of your installed plugins is the culprit or the guy placed malicious code somewhere in your blog’s file system.
You can easily find out if a malicious plugin is the culprit by deactivating all the installed plugins and then checking to see if the problem goes away.
If it does, simply re-activate the plugins one at a time until the problem comes back. Once it comes back you’ll know that the last plugin you re-activated is the culprit.
If deactivating all the plugins doesn’t stop the unauthorized posts from being published that will mean the malicious code is hidden somewhere in your blog’s file system and is not part of the theme or one of the installed plugins.
If that turns out to be the case you’ll probably have no choice except to hire a pro to track down and remove the malicious code.
There are lots of great individuals and companies that can do the job for you, but I recommend that you go with Sucuri because I’ve used them myself in the past and they always did a great job for me.
Bottom line: It appears that the person you hired to update your WordPress blog installed malicious code on it that allows him to publish his own posts on your blog without your permission.
You really need to get this fixed as soon as possible before Google and the other search engines detect the malicious code and mark your blog as being dangerous.
I hope this helps, Melvin. Good luck!
Update from Melvin: You were exactly right, Rick. The unauthorized posts stopped being posted after I activated the Twenty Twenty-One theme.
I’ve already purchased a fresh copy of the Divi theme and installed it, and all is well.
Thanks so much for your help!!!!
Never miss a tip! Click here to sign up for my free Daily Tech Tips Email Newsletter!