Hi chalkywhite - The reconsideration request might do it. It sounds like the "compromised" plug-in (I assume you mean it was hacked) could be an example of a kind of link spam which could be hard for search engines to keep on top of without reports.

Though it sounds like you've already done so, you should also check your site carefully using view as Googlebot to look for anything else that might look spammy.

Sorry, I can't comment on the time frame for you. Please report back about how this turns out. Good luck.

Hi Robert, actually it was not hacked, it simply had some code in a PHP file that hid links from users and not search bots. I checked over a years monthly backups and the code was always there :(.

Research into the plugin found that it was indeed well known for it. Silly me.

Google feth looks good, 500 pages have been spidered today and the cache looks clean :).

Ill update the thread accordingly as if I recover this could mean penguin 2.0 looks at outbound links.. I was running this plugin during penguin 1.0 updates.

If it is the recent Wordpress social media plugin/widget, then approximately 900K Wordpress installations could, potentially, be compromised. The majority of compromised Wordpress sites in the latest web usage/classification surveys I run on the Irish webscape (>330K websites in each monthly survey) had loan type links injected. The older Joomla compromises tend to be the classic warez/drugs/pron link injections. Google, for all its much vaunted spam fighting, hasn't been able to deal with these compromises in any way that could be considered efficient. I checked a sample of compromised sites (they've been compromised since at least April 2013) on Google and they all show problem SERPS. Many of the compromised Joomla sites were using an older version (1.5).

If you've cleared the problem, then the most immediate issue would be to remove the cached pages from Google (if it is caching pages) and get Google to reindex the site. One possible way would be to build a clean sitemap and then use WMT to force Google to read the sitemap and then respider the site. I don't know about the efficiency of using a no-cache directive in each page's metada but the sitemap approach might be the best thing to prioritise.

Regards...jmcc

Not naming but its a plugin that auto links posts, Seo xxxxxxxxx. For instance if you have a post on widgets it will auto link to a widget category in the post if you enter they keyword.

Thanks, ill look into the sitemap , GMT indicates they spider around 800 pages per day so, if they are as efficient as I hope they are then in a week I should be good. Then its a case of waiting and hopefully not for a penguin update.

Note : the main hit was 9th may before penguin 2`s "official" announcement.

Jmc, how do you check if your site is compromised by that plugin? I use it on my site and I didn't know it did this?!

If you are keeping it updated, n00b1, there should be no problem.
The simplest way is to look at the source code of the index page of the site in a browser (with Javascript turned off). If you see loan terms and loan site links, then there is a problem. The injected links are not visible to people just browsing the website (they are positioned off page using CSS) but the search engines do pick them up. Checking the site name and the keyword 'loan' in Google might show if any compromised pages were indexed.

The details of the compromise are here:
[blog.sucuri.net...]

This is the discussion on the Wordpress forum:
[wordpress.org...]

Regards...jmcc

Thanks for the information. I have kept the plugin updated and this issue doesn't seem to have affected my site (phew).