Have you ever embedded a SlideShare presentation (from slideshare.net) in your WordPress blog posts? Go ahead and follow the steps in this post to check whether those posts are automatically picking up a malware script. We found the malware script on every post on our blogs where the SlideShare presentation embed code was used. Here is the complete story.
Update – This issue affects both versions of WP, i.e. self-hosted WordPress and WordPress.com.
Update – We have received a clarification from Jon Boutelle, CTO, SlideShare, that the piece of code (script) in question is an analytics script used to get browsing data about the embedded presentation. Check out the clarification from Jon in the comment area.
It was shocking for me, as I had trusted SlideShare and had already embedded presentations in around 6 – 7 posts. I found the piece of code shown below at the bottom of the post in the HTML view on the WordPress Dashboard. When I dug further into that code, I found that the script may cause an “Automatic Redirect” of the blog post to some crazy domain. The site itself is full of malware and is dangerous for your system.
Note: I would suggest that you do not open the domain highlighted in the above image (b.scorecardresearch.com) if you are not using any security software, as that may cause problems for your system.
Most of the time, I write and edit posts in the “Visual” format on the WordPress Dashboard, and the malware code is not visible in that format. As my wife is used to writing and editing in the HTML format, she noticed the culprit code. Even if you open the post directly in the HTML format (the default), you will not find the piece of code. But once you change the format from HTML to Visual and back to HTML for the same post without reloading, you will see the script at the bottom of the post (in the HTML view). Here is one of the posts with the malware script visible in the HTML view on the dashboard (edit window):
In the above image, I want to show you both the Visual and HTML formats for the same post in the WP edit window on the dashboard. You can see there is no indication of malware code in the Visual format, but once I changed to the HTML format for the same post, I could see two new lines at the bottom of the post. They are nothing but a malware script, which may cause serious problems for the webpage.
Once I removed the SlideShare embed code from the post and also deleted the script in question, the malware script never appeared again. That’s how I concluded that the malware script appears only because of the SlideShare embed code.
After that I checked a few posts on my blog that have YouTube embed code, but didn’t find any problem with them.
I regularly check Google Webmaster Tool for many purposes. One of them is to check whether Google is reporting any malware on my site. You can check that in Google Webmaster under the “Diagnostics ==> Malware” section. It was not showing any malware report for my site. Actually, I had never swapped the format from Visual to HTML for the posts having SlideShare embed code. That’s why the malware script never appeared in the page source of those posts, and why it never met the Google bot.
That’s a relief for me, but you should cross-check Google Webmaster Tool to find any such report for your blog. If you find one, try to locate the SlideShare embed code on your blog and remove it ASAP.
After researching the piece of code a bit, I found that many people are facing this issue. Their sites are either redirecting to other untrusted domains or getting malware reports from Google, and some even got a penalty from Google. Here is an image from Mozilla support where a guy reported an automatic redirect because of this kind of script.
WordPress users: if you have ever used the SlideShare presentation embed code in any of your posts, go ahead and review them. If you find this kind of malware script, I would recommend removing the code from there until SlideShare resolves this issue.
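One way to run the review suggested above across many posts, as an added example that is not part of the original post: the Python script below parses a post's HTML (copied from the editor's HTML view or from the page source) and lists every script, image, iframe or embed loaded from a host outside the embed providers you expect. The expected-domain list, the function names and the sample posts are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains whose embeds are expected on this blog (assumption: edit for your site).
EXPECTED_DOMAINS = ("slideshare.net", "youtube.com")
LOADING_TAGS = {"script", "img", "iframe", "embed"}


def is_expected(host):
    """True if host is an expected domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)


class RemoteResources(HTMLParser):
    """Records (tag, host) for every tag that loads a resource from a named host."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in LOADING_TAGS and src:
            host = urlparse(src).hostname  # None for relative URLs
            if host:
                self.found.append((tag, host))


def audit_post(html):
    """Return (has_slideshare_embed, sorted unexpected (tag, host) pairs)."""
    parser = RemoteResources()
    parser.feed(html)
    has_ss = any(h == "slideshare.net" or h.endswith(".slideshare.net")
                 for _, h in parser.found)
    unexpected = sorted({(t, h) for t, h in parser.found if not is_expected(h)})
    return has_ss, unexpected


# Constructed sample posts (not the markup from the original post).
SAMPLE_POSTS = {
    "slideshare-post": (
        '<p>Slides from my talk:</p>'
        '<iframe src="http://www.slideshare.net/slideshow/embed_code/0000000"></iframe>'
        '<script type="text/javascript" src="//b.scorecardresearch.com/example.js"></script>'
    ),
    "youtube-post": '<iframe src="http://www.youtube.com/embed/XXXXXXXXXXX"></iframe>',
}

if __name__ == "__main__":
    for post_id, html in SAMPLE_POSTS.items():
        print(post_id, audit_post(html))
```

Because the script described in this post shows up in the editor only after switching from HTML to Visual and back, run the check on the HTML copied after that switch as well as on the published page source.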
Spread the word to let others know about this serious problem with the SlideShare embed code in WordPress. I am not sure whether other CMS platforms, or embed codes other than SlideShare's, are also seeing this kind of malware script addition. If you find any information related to this problem, share it in the comments.