WordPress Internal Site Search Spam [Solved]

Have you ever found yourself pulling your hair out over annoying WordPress Internal Site Search Spam on your website or blog?

Fear not, because I’ve got a fantastic solution for you!

In the past year or so, there have been a lot of large-scale, widespread SEO spam “attacks” on WordPress sites that all went after the internal site search functions.

Most of the time, these attacks don’t hurt SEO, but they do take time and resources from both the attacker and the target.

Most sites won’t have to think about this, but if yours is big or well-known, you might have been “hit” and not even know it.

What’s going on then?

Some people in the SEO field think that “negative SEO” exists, but others don’t. Could another site hurt your exposure and rankings by getting links from spam or bad sites? It’s not as simple as Google says it is. Most sites will still have to deal with this issue.

There are many people who believe in bad SEO, even if it’s not real. Some are even using their own site search to “attack” other sites.

That has effects in the real world that are worth looking into and learning about. We’re already taking steps to protect you in Yoast SEO. Here’s what’s going on.

In this article, I’ll guide you through the process of banishing those pesky search spam results with a sprinkle of tech magic and a dash of creativity.

What is WordPress Internal Site Search Spam?

You’ve got a thriving WordPress blog, and suddenly, you notice an unwelcome visitor – search spam! And its creating 100s of thousands of spam pages on your blog.

WordPress Internal Site Search Spam

WordPress Internal Site Search Spam, also known simply as internal search spam, refers to a specific type of spamming activity that targets the internal search feature of a WordPress website.

Unlike traditional web spam, which targets search engines like Google, internal search spam focuses on manipulating the search results within a specific website’s search bar.

Here’s how internal site search spam typically works:

  1. Manipulating Search Queries: Spammers enter specific keywords or phrases into the website’s search bar. These keywords are often unrelated to the website’s content or services.
  2. Generating Fake Queries: Spammers use automated tools or scripts to generate a large volume of fake search queries. These queries might contain keywords related to products, services, or topics that the website doesn’t actually offer.
  3. Polluting Search Results: The spam queries create misleading or irrelevant search results, cluttering the search results page with links to spammy or malicious websites.

Internal site search spam can be detrimental to a website’s user experience in several ways:

  • Misleading Users: Visitors might click on irrelevant search results, expecting to find information related to their query. Instead, they are redirected to unrelated or potentially harmful websites.
  • Reduced User Trust: Users might lose trust in the website if they consistently receive irrelevant or spammy search results, affecting their perception of the site’s credibility.
  • Negative SEO Impact: If search engines notice an abundance of low-quality or spammy internal search results, it could potentially impact the website’s overall search engine rankings.

Noindex Solution

These threats shouldn’t be a problem for most sites. You don’t have to do anything to keep these URLs out of Google’s search results; You just have to mark search results pages as noindex in your SEO plugin.

Things like this won’t hurt your SEO even if you see them in Google Search Console.

But if these pages still bothers you in your search console i have come up with a solution for you.

WordPress Filters

Yes, WordPress filters offer a powerful solution to combat spammers misusing your website’s search bar. Instead of letting spammers spread their unwanted content, why not turn the tables and block them right at the entrance – your search bar?

By employing WordPress filters, you can proactively prevent spammers from polluting your search results. Imagine your search bar as a guarded gate, allowing only genuine queries to pass through.

With a bit of code magic, you can filter out spammy requests, ensuring that your website serves authentic, relevant content to your visitors.

In essence, these filters act as your website’s vigilant bouncers, intercepting and blocking spam attempts before they ever reach your audience.

It’s a smart and efficient way to maintain the integrity of your site and offer an optimal user experience, free from unwanted distractions. So, let the filters do the work, and keep your search bar clean, secure, and spam-free!

Now how should you block them lets see.

Step 1: Open Your Theme’s functions.php File

First things first, access your WordPress theme’s “functions.php” file. It’s like the secret code repository of your WordPress site.

Step 2: Add the block Code

Insert the following code snippet into your functions.php file. This code detects the pesky keyword “To66.Asia” and ensures it never sees the light of day on your search results page:

function block_specific_keyword_search($query) {
    if ($query->is_search) {
        $search_query = $query->query_vars['s'];

        // Check if the search query contains the blocked keyword
        if (stripos($search_query, 'To66.Asia') !== false) {
            // Display a warning message and disable search functionality
            echo '<script type="text/javascript">alert("Warning: Your search query contains blocked content. Please do not spread spam.");</script>';
            $query->is_search = false;
            $query->query_vars['s'] = false;
            $query->query['s'] = false;
    return $query;
add_filter('pre_get_posts', 'block_specific_keyword_search');

I’ve chosen to block the term “To66.Asia” because spammers have been using it to spread unwanted content.

However, you can adapt this technique to block any specific word or phrase that spammers are exploiting on your WordPress website.

Additionally, spammers often employ special characters to hide their content within search queries. To counter this, you can further enhance your website’s security by blocking these special characters from search functionality.

To block special characters in WordPress search functionality, you can use a regular expression to sanitize the search query and remove any special characters.

Here’s how you can implement this in your functions.php file:

function block_special_characters_in_search($search_query) {
    if (is_search() && !empty($search_query->query_vars['s'])) {
        // Remove special characters from the search query
        $search_query->set('s', preg_replace('/[^\p{L}\p{N}\s]/u', '', $search_query->query_vars['s']));
    return $search_query;
add_filter('pre_get_posts', 'block_special_characters_in_search');

In this code, the preg_replace function is used with a regular expression to remove special characters from the search query. The '/[^\p{L}\p{N}\s]/u' regular expression pattern allows letters (\p{L}), numbers (\p{N}), and whitespace (\s) while excluding any other special characters.

This proactive approach helps prevent spammers from manipulating your site’s search results and ensures a cleaner, more reliable user experience.

Step 3: Customize and Test

Feel free to customize the warning message and the blocked keyword according to your needs. Once you’ve made your changes, test it out to ensure it’s working like a charm!

And you will start noticing after some days these pages are getting removed from your search console as well.



And there you have it, folks! A simple yet powerful solution to bid farewell to search spam on your WordPress website.

With the magic of WordPress filters, you can now provide your users with a clean, spam-free search experience.

So go ahead, implement this solution, and watch those spammy search results disappear into the digital abyss.

Happy blogging, and here’s to a spam-free WordPress journey!


  1. Micz January 4, 2024 at 6:18 pm

    Hi, wouldn’t it be better to redirect all searches containing spam words to a 404 page? Could you try to create such code?

    1. Anukul Saini January 6, 2024 at 4:40 pm

      Yes, it is possible you just need to customise this code to redirect all these query to a 404 page, to simplify this process you can just copy this code paste it in ChatGPT and ask it to add a redirection all these queries to a 404 page.

Leave A Comment

Your email address will not be published. Required fields are marked *