[ad_1]
I’ve scanned the site with Wordfence and Sucuri; both of them said the site is virus-free. However, the number of pages in my search console is continuously increasing, and they are all redirecting to my site’s homepage. What is the reason for this increase in the number of pages?
​
https://preview.redd.it/58fgej3ghilc1.png?width=921&format=png&auto=webp&s=fa7a0d2b32e6f010bde06a7378282d5fc0414da2
​
https://preview.redd.it/kpj6r7fjhilc1.png?width=915&format=png&auto=webp&s=b2e3aec6628a193a76a4f7cd18bea9130ce3cf41
​
they all have .shtml at the end
​
https://preview.redd.it/lxy2ra2ohilc1.png?width=937&format=png&auto=webp&s=58b7f98d1f304d30a91f7b9a2cdb2a796067c21e
[ad_2]
`.db.php` is not a WordPress file.
You need to FTP into your server and see what is going on because this isn’t wordpress. WordPress doesn’t use `.shtml` or `.html` at all. You have something else going on and you’ll need to see what’s going on at the folder structure level on your website. If this is an issue and these pages are being created, you’ll see it in your top level public folder.
The tools you have mentioned have a basic framework to check the WordPress files and the bad guys can definitely fool them. You should take a premium subscription of the either tool for a better checkup or hire a human to go through each of the files manually. The database also needs a thorough check.
Can anyone list down few pointers on what to look for in the code of each file?
Used paid version of sucuri but virus keep coming back so had to make files read only from ftp.
Any good solution will be highly appreciated.
Google Search Console doesn’t just report on real pages on your site it reports on historical pages, backlinks as well. So it’s possible a previous version of your site was compromised or something. In other words it doesn’t keep “count” of the number of pages on your site. that is not its purpose.
The reason they are redirecting to your homepage is b/c you have ALL 404s set to redirect to your homepage (Which is not a good idea for SEO but but some plugins do this).
You can see here:
curl -I “https://zeek.studio/g4159205.shtml”
HTTP/2 301
x-redirect-by: WordPress
location: https://zeek.studio/
so maybe some plugin, although I think plugins ususally set the `x-redirect-by` to themselves, but this is definitely originating in WP.
Of course do a thorough check to rule out infection but it’s possible nothing is wrong. Once you do that If I were you I’d set a server config rule to return a `410` status code for all pages ending in `.shtml`.
Also, it looks like one of your clients (I presume your client) may have been hacked as well sending some of this broken backlink traffic to your site. I won’t name them here but it’s a `.eu` domain.
I see over 77,000 backlinks from ~104 domains to your domain mostly related to this client (most are now gone) so I think maybe another site was hacked leading to broken backlinks to your site (from what I can see). but I am just guessing.