Category: Lessons Learned

Lessons Learned: FaceBook Meta Tags

Recently I finished working on a WordPress theme which I’ll blog about later. While I was working on the theme, the WordPress account was on maintenance mode to keep prying eyes away. Once the site was ready to launch, it was out of maintenance mode, but I guess Facebook had already crawled the site. I installed this Facebook Meta Tags plugin which was straight forward and easy to use.

When the link to the site was pasted into Facebook to share, the meta title, description and image were outdated. This information is cached by Facebook, so what do you do if you want it updated? Wait for Facebook to come back to crawl your site to update it’s cache? Yes, you can but what if it takes 2-3 days? I didn’t want to wait that long, so I searched for a solution.

There’s a link that you can go to, enter the URL and flush the cache manually, so Facebook can grab the recent meta data.

Here’s the link to Facebook’s Object Debugger: https://developers.facebook.com/tools/debug

Screen Shot 2013-02-14 at 2.59.36 PM

The debugger also tells you what’s wrong with your information and how to fix it.

Here’s a mapping of what each meta tag means in terms of WordPress.

Meta Tag:	<meta property="og:title" content="BitSummit" />
This title is pulling from the title of the page/post.

Meta Tag:	<meta property="og:type" content="article" />

Meta Tag:	<meta property="og:url" content="http://bitsummit.org/" />
The URL of the site.

Meta Tag:	<meta property="og:image" content="http://bitsummit.org/wp-content/uploads/2013/02/BitSummit_FB_Icon.png" />
The Facebook Meta Tags plugin allows a default image in case an article doesn't have a featured image set.

Meta Tag:	<meta property="og:site_name" content="BitSummit.org" />
This is coming from Settings/General/Site Title

Meta Tag:	<meta property="fb:admins" content="699442825" />
The admin id number for Facebook. This number is optional and can be inputted in the FaceBook Meta Tag plugin.

Meta Tag:	<meta property="og:description" content="Welcome to BitSummit! BitSummit is a special event for a unique group of game developers. Come inside and browse the site for more information on one of the year&#x2019;s most exciting video game industry events! Learn more &#xbb; Sponsors" />
This is any content found on the page.

Meta Tag:	<meta property="article:section" content="" />
Meta Tag:	<meta property="article:tag" content="" />


After inputting both URLs (the English version and Japanese version of the site), the new meta tag information was showing on Facebook in preview mode. :)
Lesson learned!

Lessons Learned: Malware on WordPress

After some people on Twitter said that the SARS-Fansubs site was tagged as an “attack site,” I freaked out a little bit. So I’m writing this post in hopes that it might help other people who are using WordPress.

First, check the extent of the damage.
Visit this site: http://sucuri.net/ and input your URL.

Let Sucuri scan your site, it may take several minutes.

If there are any threats, they will be listed on the following screen in RED. The SARS-Fansubs.com site was blacklisted, had malware, malicious javascript, and suspicious redirects.

Screen Shot 2013-02-11 at 9.36.32 PM

So what the heck does this all mean? From the looks of it, the WordPress install was a little outdated, so it allowed some hackers to infect ALL php files with malicious Javascript that forwarded users to another site.

I did a right-click, viewed source and sure enough at the end of the file was Javascript that I didn’t add. After some Googling, I found this article which described the same issue.

Here’s the article copied/pasted. All credits go to the original poster.

Symptoms of the rr.nu WordPress Virus:

WordPress-based websites infected with the virus are redirecting visitors to a fake virus-scan website. The URL looks like http://*.rr.nu.

When you check the files on your server, the following line is inserted into your .php files, such as wp-config.php:


Remove all instances of the offending code. The problem is it typically requires finding and editing 300 files; most websites will tell you to delete your entire WordPress installation and reinstall, but here are instructions on removing the malware without reinstalling each plug-in:

  • CHANGE YOUR PASSWORD. Change all your passwords, everywhere. Your website was compromised because your password failed.
  • BACKUP YOUR DATA. Make a copy of your entire website and keep it locally – better safe than sorry!
  • RUN THE SCRIPT. Attached is a BASH script that will fix the problem. You’ll want to put it in your WordPress directory, mark it as executable, then run it. Click here to download the remove-rr-nu-virus.sh script.
  • fix_wordpress

  • (Alternately, instead of downloading the script you can go to your WordPress install directory and paste this paragraph into a relatively large, single line of executable code into the console. Note that it’s multiple lines here, but needs to be executed as a single line in Linux.)

for file in $(grep -Hlr “aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcp
BnZX” .); do sed -e “s/));?>/));?>\n/g” $file | sed -e “/aWYoZnVu
MoJ21yb2JoJykpeyAgICBmdW5jdGlvbiBnZX/d” > $file.temp; mv $file.te
mp $file; echo Fixed infected file $file; done

There’s no problem that can’t be solved – it’s just a matter of having the right resources and knowing where to find the best answers! If you believe your wordpress website has been hacked, and if the above seems like Greek to you, send us an email at support@spkaa.com and we can help you get your website back under your own control!

Some notes:

  • Download the fix-rr-nu-txt file. And rename it like this: fix-rr-nu.txt
  • Upload the above file via FTP to your WordPress directory.
  • Change the file permissions for the file, so they are executable.
  • Login via an SSH client and go to the directory of the file.
    Here’s a little guide on how to use basic UNIX commands to SSH into your site.
  • Then type in “bash fix-rr-nu-txt.txt” to execute the file and let it do its magic!
  • Be sure you don’t have any “loose” PHP files sitting around your server either. The script above will clean those files too, but they will most likely be re-infected later which is what happened with the SARS-Fansubs.com site.
  • After running the script, view source and check if the offending code is still there. I checked everyday for 2 weeks and the site was re-infected 2-3 times, so I deleted all the loose PHP files floating on the server and ran the script again. A couple weeks later the site was virus free. :)
  • Even after running the script, I ran the site through Sucuri.net again and it was cleared.
  • I recommend signing up with Google’s Webmaster tools. You can check your site’s health and see if your site is blacklisted by Google or not.

This post is more of a reminder to myself in case this happens again, but I hope you find it useful too.

Copyright © 2017 Drama-Otaku

Theme by Anders NorenUp ↑