Support » Fixing WordPress » Spam link in Footer! Not the usual credit links

  • Resolved GaryWhite855


    I have an unwanted commercial link in my footer. I can’t see how it’s being inserted. There is the usual credit for the theme (which is fine) but appended to it is a url for selling resveratrol!

    I disabled my plugins to see if one of those was causing it but the link still appeared. Could something – perhaps an old unused plugin make a modification?

    How can I find out what is feeding the URL to the footer?


Viewing 9 replies - 1 through 9 (of 9 total)
  • whooami



    check your theme files?

    start with footer.php since its in the footer of the site.

    is this a new link or something perhaps you missed before? you dont indicate either way. there are ‘sponsored’ themes, and they contain crap like that, as well as obfuscated code to make it a game when you want to remove the links.

    Thanks for your reply,

    It wasn’t there before. This is the Amazing Grace theme. It’s used a lot and there aren’t usually links like this with this theme.

    The URL is

    I looked in footer.php the URL seems to appear where there is

    and <?php wp_footer(); ?> I don’t think that’s original.

    See below Footer.php

    <?php get_sidebar(); ?>

    <div id=”footer”>

    <div id=”credits”>

    <div id=”ftnav”>
    <span class=”rss”>” title=”<?php _e(‘Subscribe to RSS’); ?>”><?php _e(‘<abbr title=”Subscribe to RSS”>RSS</abbr>’); ?></span>
    <small>Copyright © 2008 All rights reserved. <?php bloginfo(‘name’); ?> design by Vladimir Prelovac and <?php wp_footer(); ?>.</small>


    I did a file compare of functions.php

    The original had (just a comment?):
    // register widgetized sidebars

    Now replaced with:
    require_once(“theme_licence.php”); add_action(‘wp_footer’,’print_footer’);

    and also added was:
    function decode_it($code) { return base64_decode(base64_decode($code)); } require_once(pathinfo(__FILE__,PATHINFO_DIRNAME).”/start_template.php”);

    I don’t know what any of that means but that seems suspicious. I’ll check some of the other files….

    Anything with a base64_decode always looks suspicious to me.

    Looks like theme_licence.php and start_template.php might have something to do with it – I’d have a look at those.

    And if all this stuff is part of the theme as its author is distributing it, I’d be inclined to try a different theme.

    I have unzipped the original theme and checked against the current files. So far…

    theme_license.php isn’t part of the original theme at all

    It is a now long string of code like this:
    <?/* asdklnasdfknasdf923rjpidnf…..etc

    start_template.php also isn’t part of the theme and is also code:
    $start = ‘Wm5WdVkzUnBiMjRnYzNSaGNuUmZkR1Z0Y0d4aGRH…..etc

    functions.php and sidebar.php have been changed and include

    footer.php has been changed also

    I guess I’ll check them all and upload th correct versions.

    Those certainly don’t come with the theme, it’s what i use on my site.

    If new files are in the theme folder, then there are clearly some permissions issues. In order to write (add a file) to your server there must be write permissions, or an exploitable file that allows creation of files.

    What’s the best way to check that or set them correctly? Or is that a big question? Looking with Filezilla the folder that the conatains the blog has permissions as drwxrwsr-x Inside of that the 3 WP folders (admin, content, includes) are the same drwxrwsr-x

    .htacccess is -rw-r–r–
    most of the others are -rw-rw-r–
    wp-config-sample.php is -rw-r–r–

    Themes folder is drwxrwsr-x
    amazing-grace folder is also drwxrwsr-x

    within that folder the php files are all -rw-rw-r–

    Is that correct or a problem? Thanks

    Create a subfolder in your main site directory (test, or whatever you like), upload a fresh copy of WordPress into that folder, compare the permissions to your current install..

    I’d say that seems the easiest approach… (by comparison).

    I’m having the same problems with the “techified” theme. it’s got “Copyright © 2009. Techified theme by Cell Phones. Supported by BlueHost Web Hosting, Verizon Wireless, T-Mobile & Sprint” with 6 links to those sites. Now I’d rather just have “Powered by WordPress” and possbily the author bug I’m lost on correcting this. Does anyone have an idea on fixing this?


Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Spam link in Footer! Not the usual credit links’ is closed to new replies.