WordPress footer hacked

3 Views

At the end of our wordpress page (when you check the source code) we have this little gem 

</body>
</html><html>
<div style='left: -3565px; position: absolute; top: -4812px'>
<a href="http://www.coachoutletsonline.cc">Coach Outlet In Jackson Nj</a> 
<a href="http://www.louisvuitonoutlet.us.com">Louis Vuitton Outlet</a> 
<a href="http://www.cheapnfljerseyschina.us.com">Cheap NFL Jerseys China</a> 
<a href="http://picklex20.com/Cheap-Soccer-Jerseys-China.html">Cheap Soccer Jerseys China</a> 
<a href="http://www.tiffanyandcooutlet.us.com">Tiffany And Co Engagement Rings</a> 
<a href="http://www.jerseycheap.us.com">Cheap Jerseys</a> 
<a href="http://www.rogervivieroutlet.us.com">Roger Vivier Shoes Outlet</a> 
<a href="http://www.redbottomsshoes.us.com">Red Bottom Shoes</a> 
<a href="http://www.jerseywholesale.us.com">Jerseys Wholesale</a> 
<a href="http://www.katespadeoutletcity.us.com">Kate Spade Outlet Online</a> 
<a href="http://www.nfljerseywholesale.us.com">Cheap NBA Jerseys</a> 
<a href="http://www.pappasdelaney.com/Wholesale-Hockey-Jerseys.html">Wholesale Hockey Jerseys</a> 

</div>
</html>

And i can’t find out exactly where this has been placed in the files. the footer seems fine

Read More
<footer id="main-footer">
<?php get_sidebar( 'footer' ); ?>

<div id="footer-bottom">
    <div class="container">
        <p id="copyright">
            <?php printf( __( 'Copyright %1$s | Web Design by %2$s', 'Nimble' ), '<a href="" title=""></a>', '<a href=""></a>' ); ?>
        </p>
    </div>
    <!-- end .container -->
</div>
<!-- end #footer-bottom -->
</footer>
<!-- end #main-footer -->
<?php wp_footer(); ?>
</body>

</html>

And it’s not in the page templates themselves. Any ideas?

Post Views: 3

Related posts

3 comments

  1. wp_footer is used by plugins to hook code into the theme, so most probably* one of your installed plugins did that – deactivate them in turn to find out.
    Start with the social plugins like wp-symposium etc, they’re known to be the most vulnerable to such hacks.

    Also, you may look in your /wp-admin for files such as ‘file_upload_include.php’ – that’s malware.

    *There’s also the remote possibility that someone used the same functionality to manually add the code via functions.php – then you should look there for unusual template loads.

  2. Could be the theme or a plugin or a free/cheap webhost that has added those links; I’ve seen it in the past.

    If not, check your theme files – such as footer.php and functions.php – against known new copies to see if they have been altered. Look for eval64 code strings.

    And try https://sitecheck.sucuri.net/ and check the report. Such services don’t find everything, but it’s a place to start.

    If you have been hacked, then carefully follow FAQ – My Site Was Hacked – WordPress Codex. Then take a look at the recommended security measures in Hardening WordPress – WordPress Codex and Brute Force Attacks – WordPress Codex

  3. When you have your web site hosted for a very cheap rate then the host can append these footers. Check with your host.

Comments are closed.