content top
Theme footer spam: how to remove

Theme footer spam: how to remove

[Original article source: JamesICT]

I was recently working on a site for a client who had chosen a theme they liked and then hired my services to individualise it for them. The basic structure they preferred was in place, but they wanted to change the ‘look’, add in some further functionality, and make it so that the theme was more suited to their particular style. I find that this type of work is all pretty much the norm for many clients and all was going well with this project until I tackled the footer and noticed that this was one of those themes [which are becoming more and more prevalent] that contained some script/coding, which meant that the user could not remove the link back to the theme design author.

Now, I am all for giving credit where credit is due and in 99% of cases I do leave the link to the theme designer in place. Obviously, some clients specifically ask to have this removed, however in this instance, it was not so much that it was linking back to the theme author, but rather, that it was full of links and references which were dubiously ’spam’ focussed.

So, into the footer file I dived, expecting to find the normal layout and a href’’s which could be easily changed. And this is where the trouble started. Instead of the file displaying PHP and HTML code, it simply contained a long string of letters and numbers all wrapped very neatly inside one set of PHP tags, such as this example below.

?php $E7dab924f505e1bffgh8a0292fa5883a9746=’dZDBasMwDIbP81OIPEB82Wm4Lmwt7Lw6jdelZiJRY4trHVQMoefs
4oZQymi2RJ/2fxH636iSfjeAV2h25KSah0Vpls1ec1UxneUxWOcx9JIJe0sqMKOE2pOBwCwYIRZ3JgaLGOHI8o7VWprFSM
bk2oKVyFU6y9UgbBF5oOnRfJL1o7Cp4btv0kW4+VsbMXqgKnfQAfhAHOVRrTaLTwBX8BHB0jx7VpForyQI1p6ewrxhlDKv
QbBG8Fq/8Hh7fnXar3K4bKbfvEhUZJZdsVyuhmTDNMN8dacc+PNCS3WaO9LOHurTlmn9U3?;
echo(gzinflate(base64_decode($E7dab924f505ed4j1bf8a0292fa5883a9746))); ?

Removing the code does nothing more than destroy the footer completely and trying to leave it in place and work around it, also has it’s fair share of other issues, so what to do to make this a working footer file? Now I would imagine there may be several methods of choice at this point, with the dissection of the theme functions php file – in unison with hacking the footer file – probably sitting at the top of the ladder. The trouble with this, was I did not have the time to spend going down this road, so I opted for something else.

What if I was to bypass the footer call completely, I thought to myself? And that is exactly what I did. In typical fashion the footer was being called from all of the major post and page files by using the standard code:

So, in order to by bypass it I created a new footer file, named it footer_new.php and then simply dropped in a new call using the following code instead: < ? php include(’templates/footer_new.php’); ? >

I prefer to keep additional customised pages in a templates folder, so that is why you see the reference to ‘templates’ in the code, but this can work just as well using any other named folder or you can place it straight into the theme root directory just as easily too.

Note too: That solved the problem of the footer being uneditable, but as I do not like to leave code sitting on a site that I have no real idea as to what it is doing, I also opened the functions.php and removed the same lengthy string of code as was found in the footer, and just to be safe, also deleted the original footer.php file.

If you know of an easier method, then please do let me know, but for now, at least this appears to have resolved the problem and given me full control over the site as it should have been in the first place. Another factor that may need to be considered here, especially in light of the fact we do not know exactly what this code is doing in its entirety, is that your site could well be compromised. Again, just to be safe, I changed the login passwords [after removing the code] in order to prevent any further problems.

Leave a Reply

Your email address will not be published. Required fields are marked *