My websites were all fine up until today. Now every WP website I run on the same Bluehost web hosting has what seems to be malware or hackers coding with text and links pointing to prosoftwarestore.com on/below the footer of all home pages and some websites have this coding on the footer of other pages and blog posts. How do I remove this? I am not a techie – that is why I used the Themes I used to create these websites in the first place.
For example, see examples of this below the footer of these sites, only 2 of many I run:
I have no idea how to remove this using the FTP or other methods. I know how to get into the FTP but I don’t know what to do when I get there. I have seen other “fixes” posted for these “types” of problems but nothing for my exact problem, even so, I don’t even understand what they are talking about.
If someone can tell me what to manually do in the FTP, I’ll do it. But I know nothing about exporting data, backing up data or running scripts.
In addition, I do see the infamous eval(base64_decode string in my index.php (and maybe other) files…but I don’t see any problem with my permalinks, nor do I see any additional “users” other than myself, even in the source code.
It’s a code injection attack.
What happened is that a hacker either compromised an account on the same server as you, or simply opened an account on the same server as you. The hacker then ran a simple script to inject the code in all .php files (like your templates) across the entire server.
It’s a weakness in most shared hosting setups.
Thank you! One thing. When I go to change the MySQL user passwords, there is no way to do that without completely deleting the user. Is that what I need to do?
I’d check with your hosting provider first, you should be able to change the password.
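Added example, not written by anyone in this thread: a read-only Python scanner for the pattern described above, `eval(base64_decode` injected into `.php` files. It assumes the site has been downloaded over FTP to a local folder; the function names are made up for this illustration, and it only covers the form where the encoded text is a quoted string.

```python
import base64
import re
import sys
from pathlib import Path

# Assumption: the injection is eval(base64_decode('...')) with a literal string,
# in either quote style and with optional whitespace. Other forms are not covered.
INJECTED = re.compile(
    rb"""eval\s*\(\s*base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)\s*;?"""
)

def scan_file(path):
    """Return [(line_number, decoded_preview), ...] for each hit in one file."""
    data = Path(path).read_bytes()
    hits = []
    for m in INJECTED.finditer(data):
        line_no = data.count(b"\n", 0, m.start()) + 1
        try:
            # Decoded for display only; the payload is never executed.
            decoded = base64.b64decode(b"".join(m.group(2).split()), validate=True)
        except ValueError:
            decoded = b"<not valid base64>"
        hits.append((line_no, decoded[:80].decode("latin-1")))
    return hits

def scan_tree(root):
    """Scan every .php file under root; return {relative_path: hits} for files with hits."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*.php")):
        if path.is_file():
            hits = scan_file(path)
            if hits:
                report[str(path.relative_to(root))] = hits
    return report

if __name__ == "__main__":
    # Hypothetical usage: pass the folder holding the downloaded site files.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, hits in scan_tree(target).items():
        for line_no, preview in hits:
            print(f"{name}:{line_no}: {preview!r}")
```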
- The topic ‘Problem in footer of every WP website since this weekend’ is closed to new replies.