How to solve the footer_top.php hack for wordpress
I have troubles with hackers recently. I believe a Russian backlink group called SAPE has been inserting random backlinks into the footer of smashinghub.com as part of its backlink service. I didn’t noticed it at first as the wording were light gray and were not obvious against the white background. Forunately, a reader alerted me to this footer and I have deleted it since. However, the problem keeps coming back and I had to dig deeper into how to prevent future hacks. If you have this same problem, read on about my experience and how it can help you to resolve this situation for your website.
What is the hack
The hackers inserted a footer_top.php file into a wordpress, which allows them to modify and change the backlink on your website’s footer as and when they liked. This is how SAPE manage to sell their backlinks for cheap as they don’t own these websites. They simply hacked them and use them as part of their backlink package. It is a very nasty hack and might get your site penalised by Google.
What happened to Smashinghub
Initially, I simply deleted the footer_top.php file and get on with it. However, I noticed the files keeps coming back after a couple of days. There has to be other files being inserted that can bring the footer_top.php file back. So, I had to dig deeper for a solution. Fortunately, I found this tweet page that describes the same problems that I was having and has identified what other files you need to delete to prevent the footer_top.php file from coming back.
After the above was done, the site was hack free for a couple of weeks but it came back again. I had to repeat the steps as well as asked my hosting company what other remedies do I need to do. It was then that I realised my permission setting was also too loose.
How to remove the footer_top.php file for wordpress
Here is what I had to do after reading the tweet page and getting help from my hosting company:
- Go to your filemanger or FTP
- Look for WP_content, then upload
- Look for wp-system and delete it. This is the file that is bringing back the footer_top.php file
- Change your passwords for both WP and your cpanel
- Check that your permission settting in your WP-uploads is not 777. This would allow anyone to be able to upload stuff into your website including the wp-system hack file that I mentioned in (3)
I hope this will be useful to some of you who might have the bad luck of running into these hackers. Unfortunately, that is part and parcel of being online.