Support » Everything else WordPress » Can’t remove “hacked” Link from sidebar

  • The other day i was checking out my blog and I expanded the “links” section on the side to find a link that I had not put there myself. It says “Cheap Web Hosting” and for the life of me I can’t remove it! I deleted it from the links section from my wp-admin and it just pops up 1 second later! I just recently updated and thought that might help fix it but it hasn’t!

    Can someone please shed some light for me! I don’t want this on my site!

    (steps to repro)
    1. go to
    2. Expand the “links” section on the left side by hitting the plus sign
    3. notice the “Cheap web hosting” link at the bottom.

    Someone please help!

Viewing 15 replies - 1 through 15 (of 20 total)
  • I don’t speak JavaScript well, but there’s this in your footer:

    <script type="text/javascript">
    var load_cmc = function(){linktracker_init(5231472,0,2);};
    if ( typeof addLoadEvent != 'undefined' ) addLoadEvent(load_cmc);
    else load_cmc();

    Maybe that could be the problem?

    I looked in my “footer.php” and didn’t see this (I dled it from my server and didn’t see it in the file)

    Looks like that code is loaded by WP-Stats Wp-Stats so it probably isn’t the source of your problem.

    I’d start by disabling all of my plugins just to see if one of them is creating that link.

    Also, you are not hosted at Open Blu Host are you?

    I turned off all the plug-ins and it deleted the link and it still came back… : /

    the only plug-ins I have are the next-gen gallery and wordpress stats.

    I am also not hosted by “Open Blue Host”

    It appears that I can hide the link….. but I really want it gone.. I don’t like the idea that someone can put links on my site without my permission…

    When you say that ‘I turned off all the plug-ins and it deleted the link and it still came back’ what do you mean? Your sentence is a little confusing. Do you mean that when you turned off the plugins the link disappeared? And then when you turned the plugins back on the link came back as well? If that is the case then the link is being inserted by one of those plugins. Turn them off one at a time and see which one it is. When you find out which it is download a fresh copy from somewhere reliable, like the WP Plugin Directory. It is possible that you have a hacked version of one of the plugins. It would be trivially easy to edit a plugin then put it back online for download.

    If that is not what you mean then I’m not sure how to interpret your sentence.

    It is also possible that the link is being inserted by a Theme. Take a look in /wp-content/themes/<your-theme-name>/functions.php and search for that spurious link.

    Hmmm… how can you hide the link? CSS?

    Sorry a typo ! I ment that “I” deleted it , not “IT” deleted it. Also in wordpress you can keep links private so i just hit the “set link private” button and it doesn’t show up on the main page. BuT! I still need to figure out how to remove it from my site!. (it didn’t seem to be any plug-in) and this theme I’m using doesn’t have a “functions.php” : /

    Please list your plugins.

    I checked the theme (mental_disorder) and it doesn’t seem to be there unless it’s hidden in a wacky place or encrypted.

    If it was a rogue user adding this in, they’d know to un-private the link, so that’s unlikely, but I’d check for sneaky people with Admin access anyway.

    I am the only person with admin access to my blog. I keep getting the feeling its just apart of some spam bot thing that goes around and checks for certain weaknesses in peoples sites and then exploits them….. I would love to just find out what’s going on …. I sadly don’t know enough about websites to solve this…

    So you can find the link in the WordPress Link manager but can’t delete it? At least you can’t delete for very long before it comes back? That’s interesting.

    If it isn’t the plugins and it isn’t the theme then maybe you’ve got a corrupted install, somehow. Has anyone ever had access to your code? Maybe someone installed it for you or something? Is this a clean install or did you copy it from some other site?

    Meanwhile, do you have any way to search your entire installation for keywords? Something like ‘grep’ maybe? Any *nix OS likely has this function including OS X. For Windows you’ll need something third party like maybe Wingrep though I’ve never used it. If I were in your shoes I’d grep the whole installation– something like grep -Rn '' * ran from top level WP directory. I don’t mean to over complicate things but something is inserting that link and if it isn’t the plugins and it isn’t the theme you are going to need to cast a much wider net.

    apljdi’s right, there. Here are your options:

    1. Someone cracked your admin account (unlikely, other changes would have been made as well)
    2. Your theme has a hidden encrypted bit that puts this in (unlikely, as the theme doesn’t seem to have any of that)
    3. A plugin or other feature you added on is doing this (unkown, as we don’t know what your plugins are, seriously, man, just list ’em. It doesn’t hurt.)
    4. Whom/Whatever installed your WP slipped this in.

    Who’s your webhost?
    How did you install WP?
    What plugins do you have?

    Guys, go back and read. He DID list his plugins:

    the only plug-ins I have are the next-gen gallery and wordpress stats.

    Neither of these should be installing that link, so my thought is there is a hacked copy of a wordpress file somewhere. Download a new, fresh copy from and extract it into your site overwriting any files that are there. Also, look at all of the files included in the archive and see if there are any extra files in your install, especially in the root, wp-admin and wp-content folders. Any extra files that you did not personally add should be removed.

    If all else fails, take some time in the evening and back up your database, dump everything, the site, the db, everything, and do a clean install. This is a drastic measure, but unless you can identify exactly which script is adding the link, it may be your last resort.

    ‘grandslambert’ might be suggesting one of the only real options you have, Generalvivi, if you can’t find the code that inserting this link. I’d further suggest, though, that overwriting might not be enough. You can still end up with old and potentially compromised files on the server if you depend on overwrites. I’d say delete whole directories, then install the new files. (Why Delete? Generally, it is a good idea to delete whatever is possible because the uploading (or upgrading through cPanel) process may not correctly overwrite an existing file and that may cause problems later.) Of course, all this pain means nothing if you re-upload hacked plugin or hacked theme files so make absolutely sure you have clean copies of those too.

    You might try changing all of your passwords including the mysql DB password (if you can), and see if that helps. Definitely change the passwords if you reinstall.

    I am having this same issue with the latest release of word-press. After my upgrade a link appeared in my links and despite deleting it dozens of times it keeps coming back. I can’t find anywhere in the installation code that would cause this to happen. It’s not my theme, not my plug-ins. I’ve wiped everything and completely re-installed the new version of wordpress and the same thing is happening.

    You go into links, delete the offending link, and as soon as you update any part of the blog the offending link is back.

    I have no idea what to do now.

Viewing 15 replies - 1 through 15 (of 20 total)
  • The topic ‘Can’t remove “hacked” Link from sidebar’ is closed to new replies.