I'm Andreas Kambanis and I'm the founder of Nibble Apps. This blog is all about creating and launching successful apps.


Wp_footer WordPress hack hidden links

Running a huge cycling blog and gaining a good reputation on Google, I guess it was inevitable to attract some attention from spammers who want to benefit from my hard work without putting in any effort themselves.

I recently noticed a sharp drop in my Google traffic. Logging in to my webmaster panel, I noticed the site was now popular with terms such as poker and viagra. Definitely not what I want to be linking to. An investigation at the blog revealed no visible links. However, looking into the source code, they were there but hidden by a CSS trick of placing them outside of the viewable screen area.

Disabling wp_footer by simply commenting it out in the theme files made the problem go away. However, it wasn’t a permanent solution. An upgrade of the theme I was using (WooThemes) didn’t fix the issue.

Further investigation into the MySQL table revealed a MySQL insertion had occurred:

Table: wp_options
option_id: 1120
blog_id: 0
option_name: siteurlpath
option_value: (really long)

The option_value was huge with a base64_decode where the hack was hidden. I deleted this entry from WordPress and lo and behold the hack disappeared. After re-enabling wp_footer, the links were still not showing in the source code. Wp Footer hack removed!

I believe the hackers got in through the TimThumb vulnerability present in many WooThemes files. Therefore, I upgraded it to the new version to be sure no similar attacks can be made. As a precaution, I also changed all of my passwords (admin, FTP, cPanel, etc.).

I hope this write-up helps others deal with these issues. I’m happy to take questions in the comments, but do be aware this isn’t my main area of strength. I’m a writer, not a WordPress programmer.
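A detection sketch for the kind of row described above, added here as an example and not code from the original post: it scans exported wp_options rows for PHP code markers and for long base64 runs that decode to links or code. The marker list, the thresholds and the sample rows are assumptions; only the siteurlpath name and option_id 1120 come from the post.

```python
import base64
import re

# PHP calls that have no business inside a settings value (assumed marker list).
CODE_MARKERS = re.compile(r"\b(base64_decode|eval|gzinflate|str_rot13)\s*\(", re.I)
# A long unbroken base64 run; the 200-character floor is an assumed threshold.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")
LINK = re.compile(r"<a\s[^>]*href=", re.I)


def inspect_option(value, max_len=20000):
    """Return the reasons one option_value looks injected; an empty list means clean."""
    reasons = []
    if len(value) > max_len:  # assumed size limit; tune it to your own site
        reasons.append("oversized")
    if CODE_MARKERS.search(value):
        reasons.append("php-code-marker")
    for run in B64_RUN.findall(value):
        try:
            decoded = base64.b64decode(run + "=" * (-len(run) % 4)).decode("latin-1")
        except ValueError:  # not valid base64 after all
            continue
        if LINK.search(decoded) or CODE_MARKERS.search(decoded):
            reasons.append("base64-hides-links-or-code")
            break
    return reasons


def scan(rows):
    """rows: (option_id, option_name, option_value) tuples exported from wp_options."""
    findings = {}
    for option_id, option_name, value in rows:
        reasons = inspect_option(value)
        if reasons:
            findings[option_id] = (option_name, reasons)
    return findings


# Constructed sample rows: two ordinary settings and a harmless stand-in for the injected row.
HIDDEN_HTML = ('<div style="position:absolute;left:-9999px">'
               + '<a href="https://spam.example/">x</a>' * 5 + "</div>")
SAMPLE_ROWS = [
    (1, "siteurl", "https://blog.example"),
    (33, "active_plugins", 'a:1:{i:0;s:19:"akismet/akismet.php";}'),
    (1120, "siteurlpath",
     "eval(base64_decode('" + base64.b64encode(HIDDEN_HTML.encode()).decode() + "'));"),
]

if __name__ == "__main__":
    for option_id, (name, reasons) in scan(SAMPLE_ROWS).items():
        print(option_id, name, ", ".join(reasons))
```

A flagged row is a lead to review by hand, since some legitimate plugins also store large or encoded values.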

I’ll update this post if any further WordPress hacks appear and let you know how I dealt with them.
