Blog Page Loading Speed is very important and plays very crucial role in getting good SEO score from Google. In the earlier posts I have already discussed about SEO Tips for WordPress Blogs and mentioned speed as a reason in those. The main reason behind checking Blog Page speed regularly is to make sure that your website or Blog is safe. Yes page loading speed is linked to the security of your Blog also. There are attacks like iFrame injection attack that increases web page load time to a great extent. And Google has already announced that page loading speed directly determines the SEO ranking of your Blog. So if due to iFrame injection attack your page loading time increases then it will eventually led to decrease in SEO ranking.
- How to Load WordPress Blogs Faster
- Top WordPress Security Plugins
- Brute Force Attack against WordPress Based Blogs
What is iFrame injection Attack?
The iFrame stands for inline frame and this tag is used to insert contents from other websites or server. This tag can be used by the attacker to inject malware contain websites or links using XSS attack. The iFrame injection attack can also be used to hamper the website server availability as the attacker can inject a website with lots of data. Whenever victim web server responds back it will be transferring lots more data than usual which increases the unnecessary web traffic on server. Attacker can launch the iFrame injection attack against a website with the following intentions:
- Injection of Advertisements
- Insertion of malware infected site links
- Redirecting the user to malware infected sites
- Get your Website reviewed by McAfee for Free
- Prevent and Recover your Blog from Google unnatural backlinks penalty
- Track Blog Traffic after Google Penguin and Panda Update 2013
Sources of iFrame injection attack
There can be many sources of iFrame injection attack but as a blogger in modern times, following are the two sources of attack.
- Comments – Most of the Blogs let you add website url and an attacker can add url with iframe tag to load another web page which will increase page loading time of your Blog.
- Guest Posts – Guest posting is a major source of link building and we love to write guest articles and even more to get guest articles for our blogs. But before publishing the guest post you need to check every link present in the content.
How to detect iFrame injection attack on WordPress Blogs
To detect iFrame injection attack you need to check web server log files. Web Server log files are the log files resides in web server and notes activity of the user browsing website. There are four types of web server logs i.e., transfer logs, agent logs, error logs and referrer logs. While analysing your web server log file you need to look for iFrame tag which will look like as shown below.
Where to check WordPress Blog web server log file
You can download web server log file of any website or WordPress Blog from your cpanel.
Login into your cpanel and look for Logs section just shown below in the screenshot
Click on Raw Access Logs to download web server log file
Now if you have more than one domain hosted you can see all the domains hosted. Click on domain name you wanted to analyse. After downloading is complete extract the compressed folder and open the file inside. It will display access records of your Blog and in that you can search whether your blog or website is infected with iFrame injection attack or not.
Conclusion: iFrame injection attack doesn’t seems dangerous as it is not trying to steal anything from website or Blog but it can have cascading effect on your Blog. Injected website can contain malware links that will now be processed from your platform. So I recommend each Blogger to carefully every link before approving it and once in a while do analyse web server log files also.