WordPress.org

Problem in footer of every WP website since this weekend (6 posts)

  1. laurenl
    Member
    Posted 3 years ago #

    My websites were all fine up until today. Now every WP website I run on the same bluehost web hosting has what seems to be malware or hackers coding with text and links pointing to prosoftwarestore.com on/below the footer of all home pages and some websites have this coding on the footer of other pages and blog posts. How do I remove this? I am not a techie - that is why I used the Themes I used to create these websites in the first place.

    For example, see examples of this below the footer of these sites, only 2 of many I run:

    http://www.blackfridayreminder.com
    http://www.internet101media.com/

    I have no idea how to remove this using the FTP or other methods. I know how to get into the FTP but I don't know what to do when I get there. I have seen other "fixes" posted for these "types" of problems but nothing for my exact problem, even so, I don't even understand what they are talking about.

    If someone can tell me what to manually do in the FTP, I'll do it. But I know nothing about exporting data, backing up data or running scripts.

  2. laurenl
    Member
    Posted 3 years ago #

    In addition, I do see the infamous eval(base64_decode string in my index.php (and maybe other) files...but I don't see any problem with my permalinks, nor do I see any additional "users" other than myself, even in the source code.

  3. It's a code injection attack.

    What happened is that a hacker either compromised an account on the same server as you, or simply opened an account on the same server as you. The hacker then ran a simple script to inject the code in all .php files (like your templates) across the entire server.

    It's a weakness in most shared hosting setups.

    Remain calm and carefully follow this guide. When you're done, you may want to implement some (if not all) of the recommended security measures.

  4. laurenl
    Member
    Posted 3 years ago #

    Thank you! One thing. When I go to change the MySQL user passwords, there is no way to do that without completely deleting the user. Is that what I need to do?

  5. I'd check with your hosting provider first, you should be able to change the password.

  6. ishan001
    Member
    Posted 3 years ago #

    Grr! Seems like my sites on Hostgator are also compromised! A major attack on WordPress, I guess.
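
To locate the eval(base64_decode string mentioned in this thread across every .php file of a downloaded copy of a site, a scan like the following can be used. It is an added example, not code from any poster or from the guide linked above; the file names and placeholder payload strings are constructed, and the list of wrapper functions (gzinflate, gzuncompress, str_rot13) is an assumption about common variants.

```python
import re
import tempfile
from pathlib import Path

# eval( ... base64_decode( with optional whitespace, any letter case, and
# optional wrapper calls in between (assumed common variants, not from the thread).
INJECTION = re.compile(
    rb"eval\s*\(\s*(?:(?:gzinflate|gzuncompress|str_rot13)\s*\(\s*)*base64_decode\s*\(",
    re.IGNORECASE,
)

def scan_file(path):
    """Return the 1-based line numbers in one file that contain the pattern."""
    with open(path, "rb") as fh:
        return [n for n, line in enumerate(fh, start=1) if INJECTION.search(line)]

def scan_tree(root):
    """Map relative path -> matching line numbers for every .php file under root."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*.php")):
        hits = scan_file(path)
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

def build_sample_site(root):
    """Constructed sample tree; the encoded strings are inert placeholders."""
    root = Path(root)
    theme = root / "wp-content" / "themes" / "demo"
    theme.mkdir(parents=True)
    (root / "index.php").write_bytes(
        b"<?php eval(base64_decode('PLACEHOLDER')); ?>\n<?php require 'wp-blog-header.php';\n")
    (theme / "footer.php").write_bytes(
        b"<?php wp_footer(); ?>\n</body>\n<?php EVAL ( gzinflate( base64_decode ('PLACEHOLDER')));\n")
    # base64_decode without eval must not be reported.
    (theme / "functions.php").write_bytes(b"<?php $data = base64_decode($encoded);\n")
    # Non-PHP files are skipped even if they contain the string.
    (root / "readme.txt").write_bytes(b"eval(base64_decode( quoted in a text file\n")

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        return scan_tree(tmp)

if __name__ == "__main__":
    for name, lines in demo().items():
        print(f"{name}: line(s) {', '.join(map(str, lines))}")
```

Point `scan_tree` at a local copy of the site files rather than the sample tree. A hit marks a file for review, not proof of injection, since some legitimate code also uses this construct.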

This topic has been closed to new replies.