For the past few months very tiny text adverts have been appearing with links at the footer of my site’s WordPress installation.
I did a search and found that somehow a footer_top.php file, which I did not place there, was being created in the theme directory. On looking at it, it contained code that I did not create and so I deleted the file.
That seemed to have done the trick and the text adverts stopped appearing…
…for a few days and then they came back.
My first thought was that the site was being hacked or it was a plugin that I installed which included adverts and so I switched off all the plugins but the adverts continued to appear.
So then the site must have been hacked once and some code placed somewhere which allowed someone entry to re-create the footer_top.php file or it was continuously being hacked.
I went searching and found a few solutions, including deleting some folders/files, changing the permissions of some folders (CHMODing), and re-installing WordPress from scratch and replicating the database and file structure.
I first tried the folders and files advice but that did not work and I really did not want to re-install WordPress again and replicate the whole blog, media, plugins and all the related settings.
When I was looking at some comments about this footer_top.php file appearing in the theme directory, I saw one succinct comment which was to use WP Security, which seemed to be a plugin. I did a search for it on the WordPress plugins directory but couldn’t find a plugin with that particular name, but I did find one called “iThemes Security”, which was formerly called “Better WP Security”, and with over 2 million downloads I thought I would give it a go.
I installed the plugin and played around with the settings, of which there are many, and now, in addition to other security messages, I get emails when someone repeatedly tries to log in unsuccessfully to the site and the iThemes Security plugin locks them out (for a timescale you can set) and I believe will permanently ban them if they keep trying unsuccessful/incorrect logins.
The cluster of buildings in the map above is the location in China of the I.P. address of the first person who was locked out after repeated unsuccessful logins. I’m sure the pointer where the building was may not be precise but I can see who the ISP is if I wanted to contact them.
…And the footer_top.php file no longer appears and hence the text adverts don’t appear.
Thank you to iThemes Security for your plugin.