Rogue Themes & PHP Injection
-
I have seen a number of posts about malicious links appearing on blogs and have just finished wasting a weekend wrestling with this problem.
It all began with me looking for a Free WordPress Theme. I used Google to search “Free WordPress Themes” and the top link on the first SERP was https://www.freewordpressthemesbase.com.
They had some nice themes that I then downloaded and uploaded to my themes directory.
Then I noticed a couple of sneaky things that they had done:
- There was a very sneaky link that was hidden inside of base_64 coding with the instructions not to show it if the user was logged in. Very sneaky.
- Far worse was yet to come – when I deleted this code and looked through the HTML on my page, I noticed a bunch of spam links for all kinds of crap unrelated to my site – football jerseys, piano players and more.
At that point I decided to delete the theme.
Too late. Those links now persisted on all of the themes on my site – even clean ones that I had previously downloaded from the www.ads-software.com site.How I fixed it:
- Delete all the themes that you download from https://wordpressthemesbase.com – this is a rogue site that will install malware on your blog.
- Upload a FRESH copy of /wp-includes/general-template.php
Done.
Never download anything from https://www.freewordpressthemesbase.com.A summary of this can be seen here:
https://www.webdeveloper.com/forum/showthread.php?p=1042049#post1042049—————————————————————
These are the links that were embedded into my blog:
<!– end #sidebar –>
<div style=”visibility:hidden; display:none”>Cheap Retro Replica NFL NBA MLB Throwback Football Basketball Jerseys |
hp printer ink cartridges refills|
Professional Wedding Pianist | Jewelry Making Supplies
</div><div style=”clear: both;”> </div>
</div>
</div>
<!– end #page –>
- The topic ‘Rogue Themes & PHP Injection’ is closed to new replies.