Need help removing this pesky WP footer spam link

Question

i,

I purchased a WP theme recently.

Seems that this theme is injecting a footer link in a sophisticated way that I can't find how to remove.

usually it link to WP theme sites (wp2blog.com/ , themes.weboy.org/ ) , which aren't related to me at all.

I tried to see if this is a CSS or JS injection - but I just can't find where this code is hiding. It is surely not on the footer.php file which I immediately monitored.

any ideas?

---

thanks for the quick comments.

The culprit was the itself.

Apparently somehow it injected those spam links.

I removed it and now the links are gone.

Still it's interesting how it was done.

How can I see which scripts are being called by wp_footer() ?

Answer 1

By removing <?php wp_footer(); ?> you will probably break some of your plugins, as they hook into either the header or footer to load JS and CSS for functionality.

Edit footer.php to remove those links.

If you need to see what wp_footer puts into the source of your site, view source on the page to get the full html.

But if it's a paid theme, you get what you pay for.

Answer 2

Generally, they do it with something like this

<?php echo eval(base64_decode('aC453434...')); ?>

Basically, they just encode the PHP code in Base64, and then eval() the returned string.

Check in footer.php, and it may also call other functions in functions.php IIRC.

Also, check the license and/or docs supplied with the theme. It may be a problem or violation of terms to remove that. They probably went about obfuscating it for a reason.

Answer 3

Answer: They usually have to have another (php) file from which to call in the appropriate spammy links. Check your theme directory for suspicious subfolders or php files with only a couple of lines within them.

Could be that they are really sneaky and have put the calling of spammy links within the Theme Widgets php file. But that is the best advice I can give as WordPress developer myself (who obviously never would even dream of putting spammy links inside my themes - it is a nightmarish way of losing clients as well as one´s reputation) - however, You have done the wrong thing, never delete wp_footer(); that is an essential part of any working WordPress installation because it will be required by future plugins that You shall have to certainly install to get WordPress working properly - like minifying and caching plugins for example.