Best desktop blog editor
If you are using Windows then the best Desktop Blog…
Running a huge cycling blog and gaining a good reputation on Google I guess it was inevitable to attract some attention from spammers who want to benefit from my hard work without putting in any effort themselves.
I recently noticed a sharp drop in my Google traffic. Logging in to my webmaster panel I noticed the site was now popular with terms such as poker and viagra. Definitely not what I want to be linking to. An investigation at the blog revealed no visible links. However, looking into the source code they were there but hidden by a css trick of placing them outside of the viewable screen area.
By disabling wp_footer by simply commenting it out in the theme files the problem went away. However, it wasn’t a permanent solution. An upgrade of the theme I was using (WooThemes) didn’t fix issues.
Further investigation into the MySQL table revealed an MySQL insertion had occurred:
option_value: (really long)
The option_value was huge with a base64_decode where the hack was hidden. I deleted this entry from WordPress and low and behold the hack disappeared. Re-enabling wp_footer the links were still not showing in the source code. Wp Footer hack removed!
I believe the hackers got in through the TimThumb vulnerability present in many WooThemes files. Therefore, I upgraded it to the new version to be sure no similar attacks can be made. As a precaution I also changed all of my passwords (admin, FTP, cpanel etc).
I hope this write up helps others deal with these issues. I’m happy to take questions in the comments but do be aware this isn’t my main area of strength. I’m a writer not a WordPress programmer.
I’ll update this post if any further WordPress hacks appear and let you know how I dealt with them.