Question from Melvin: I have a “health and wellness” blog that I’ve been writing for over four years now. It runs on WordPress.
I write several new posts each week and the blog now has over a thousand posts on it.
About a month ago I paid a guy to make some updates to the blog to make it more attractive and add a couple of new features that I’d seen on other blogs.
With my permission he ended up changing the blog to a new theme (Divi) and added several new plugins.
He gave me a great deal (only charged me $50 to make the changes) and I really love the way the blog looks now.
But here’s the thing. After he finished installing the updates new posts started appearing on the blog that I didn’t write or publish. They just appear from out of the blue.
The unauthorized posts are all being posted in my name. I checked and there is only one user account in the blog, and it’s mine.
I’ve changed the login password several times and enabled Two-Factor Authentication so I don’t believe he’s logging into my account to publish the posts.
I delete the unauthorized posts as soon I notice them but they always just come back after a few minutes.
I tried contacting the guy to ask what’s going on but he isn’t responding to my emails.
My questions are as follows:
1 – How are these new posts getting published on my blog without my permission?
2 – How can I put a stop to it?
Rick’s answer: I’m very sorry to hear that you’re having this problem, Melvin.
As a fellow blogger I understand how much concern this is causing you, and unfortunately your concern is quite warranted.
Although I could be wrong, it sounds to me like the fellow you hired to update your blog probably installed a compromised copy of the otherwise awesome Divi theme on it.
It could be a malicious plugin instead of the theme, but the fact that he only charged you $50 to make the changes leads me to believe he installed a “nulled” copy of Divi instead of purchasing a legitimate (and clean) copy.
The first thing I recommend that you try is activating the current default “Twenty Nineteen” WordPress theme. That will automatically deactivate the Divi theme to see if it’s indeed causing the problem.
Just follow these steps to activate Twenty Nineteen and deactivate Divi:
1 – Log into your WordPress Dashboard.
2 – Click Appearance>Themes.
3 – If you see the Twenty Nineteen theme listed there go ahead and activate it. If not, click Add New Theme and search for Twenty Nineteen, then install and activate it.
If the malicious code that’s publishing the unauthorized posts is contained in the Divi theme then activating the Twenty Nineteen theme will prevent any new unauthorized posts from being published.
If that turns out to be the case you’ll need to either keep using the Twenty Nineteen theme or install a new theme of your choosing.
Since you like the look of the Divi theme you can always purchase a legitimate (and clean) copy of that theme from Elegant Themes if you want.
Important: Regardless of which theme you decide to go with, make sure you delete the compromised Divi theme from your blog BEFORE you install and activate the new theme!
If new unauthorized posts are still being published after you activate a different theme that means either one or more of the new plugins the guy installed is the culprit or he placed malicious code somewhere in your blog’s file system.
You can easily find out if a malicious plugin is the culprit by deactivating all the installed plugins and then checking to see if the problem goes away.
If it does, simply re-activate the plugins one at a time until the problem comes back. Once it comes back you’ll know that the last plugin you re-activated is the culprit.
If deactivating all the plugins doesn’t stop the unauthorized posts from being published that will mean the malicious code is hidden somewhere in your blog’s file system and is not part of the theme or one of the installed plugins.
If that turns out to be the case you’ll probably have no choice except to hire a pro to track down and remove the malicious code.
There are lots of great individuals and companies that can do the job for you, but I recommend that you go with Sucuri because I’ve used them myself in the past and they always did a great job for me.
Bottom line: It appears that the person you hired to update your WordPress blog installed malicious code on it that allows him to publish his own posts on your blog without your permission.
You really need to get this fixed as soon as possible before Google and the other search engines detect the malicious code and mark your blog as being dangerous.
I hope this helps, Melvin. Good luck!
Update from Melvin: You were exactly right, Rick. The unauthorized posts stopped being posted after I activated the Twenty Nineteen theme.
I’ve already purchased a fresh copy of the Divi theme and installed it, and all is well.
Thanks so much for your help!!!!
Bonus tip: Want to make sure you never miss one of my tips? Click here to join my Rick’s Tech Tips Facebook Group!
If Facebook isn’t your cup of tea, I invite you to sign up for my Rick’s Daily Tips Daily Update Newsletter.
Want to ask Rick a tech question? Click here and send it in!
If you found this post useful, would you mind helping me out by sharing it? Just click one of the handy social media sharing buttons below.